This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.
The remote Mac OS X host contains a mail client that is potentially affected by several vulnerabilities.
The installed version of Thunderbird 10.0.x is potentially affected by the following security issues :
- An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes.
- Multiple memory corruption errors exist. (CVE-2012-1937,
- Two heap-based buffer overflows and one heap-based use-after-free error exist and are potentially exploitable. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947)
- The inline-script blocking feature of the 'Content Security Policy' (CSP) does not properly block inline event handlers. This error allows remote attackers to more easily carry out cross-site scripting attacks.
- A use-after-free error exists related to replacing or inserting a node into a web document. (CVE-2012-1946)
Upgrade to Thunderbird 10.0.5 ESR or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false
Family: MacOS X Local Security Checks
Nessus Plugin ID: 59406
Bugtraq ID: 53791, 53792, 53793, 53794, 53797, 53798, 53800, 53801
CVE ID: CVE-2012-0441, CVE-2012-1937, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1944, CVE-2012-1946, CVE-2012-1947