This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.
The remote Mac OS X host contains a mail client that is potentially
affected by several vulnerabilities.
The installed version of Thunderbird 10.0.x is potentially affected
by the following security issues :
- Several memory safety issues exist, some of which could
potentially allow arbitrary code execution.
- Several memory safety issues exist related to the Gecko
layout engine. (CVE-2012-1951, CVE-2012-1952,
'history.forward' and 'history.back' can allow
incorrect URLs to be displayed. (CVE-2012-1955)
- Cross-site scripting attacks are possible due to an
error related to the '<embed>' tag within an RSS
'<description>' element. (CVE-2012-1957)
- A use-after-free error exists related to the method
- An error exists that can allow 'same-compartment
security wrappers' (SCSW) to be bypassed.
- The 'X-Frames-Options' header is ignored if it is
- A memory corruption error exists related to the method
- An error related to the 'Content Security Policy' (CSP)
implementation can allow the disclosure of OAuth 2.0
access tokens and OpenID credentials. (CVE-2012-1963)
- An error exists related to the certificate warning page
that can allow 'clickjacking' thereby tricking a user
into accepting unintended certificates. (CVE-2012-1964)
can allow scripts to run at elevated privileges outside
the sandbox. (CVE-2012-1967)
See also :
Upgrade to Thunderbird 10.0.6 ESR or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true
Family: MacOS X Local Security Checks
Nessus Plugin ID: 60040 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now