Thunderbird 10.0.x < 10.0.6 Multiple Vulnerabilities (Mac OS X)

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.

Synopsis :

The remote Mac OS X host contains a mail client that is potentially
affected by several vulnerabilities.

Description :

The installed version of Thunderbird 10.0.x is potentially affected
by the following security issues :

- Several memory safety issues exist, some of which could
potentially allow arbitrary code execution.

- Several memory safety issues exist related to the Gecko
layout engine. (CVE-2012-1951, CVE-2012-1952,
CVE-2012-1953, CVE-2012-1954)

- An error related to JavaScript functions
'history.forward' and 'history.back' can allow
incorrect URLs to be displayed. (CVE-2012-1955)

- Cross-site scripting attacks are possible due to an
error related to the '<embed>' tag within an RSS
'<description>' element. (CVE-2012-1957)

- A use-after-free error exists related to the method
'nsGlobalWindow::PageHidden'. (CVE-2012-1958)

- An error exists that can allow 'same-compartment
security wrappers' (SCSW) to be bypassed.

- The 'X-Frames-Options' header is ignored if it is
duplicated. (CVE-2012-1961)

- A memory corruption error exists related to the method
'JSDependentString::undepend'. (CVE-2012-1962)

- An error related to the 'Content Security Policy' (CSP)
implementation can allow the disclosure of OAuth 2.0
access tokens and OpenID credentials. (CVE-2012-1963)

- An error exists related to the certificate warning page
that can allow 'clickjacking' thereby tricking a user
into accepting unintended certificates. (CVE-2012-1964)

- An error exists related to the 'javascript:' URL that
can allow scripts to run at elevated privileges outside
the sandbox. (CVE-2012-1967)

See also :

Solution :

Upgrade to Thunderbird 10.0.6 ESR or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false