This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.
The remote Mac OS X host contains a mail client that is potentially
affected by several vulnerabilities.
The installed version of Thunderbird is earlier than 14.0 and is thus
potentially affected by the following security issues :
- Several memory safety issues exist, some of which could
potentially allow arbitrary code execution.
- Several memory safety issues exist related to the Gecko
layout engine. (CVE-2012-1951, CVE-2012-1952,
'history.forward' and 'history.back' can allow
incorrect URLs to be displayed. (CVE-2012-1955)
- Cross-site scripting attacks are possible due to an
error related to the '<embed>' tag within an RSS
'<description>' element. (CVE-2012-1957)
- A use-after-free error exists related to the method
- An error exists that can allow 'same-compartment
security wrappers' (SCSW) to be bypassed.
- An out-of-bounds read error exists related to the color
management library (QCMS). (CVE-2012-1960)
- The 'X-Frame-Options' header is ignored if it is
- A memory corruption error exists related to the method
- An error related to the 'Content Security Policy' (CSP)
implementation can allow the disclosure of OAuth 2.0
access tokens and OpenID credentials. (CVE-2012-1963)
can allow scripts to run at elevated privileges outside
the sandbox. (CVE-2012-1967)
See also :
Upgrade to Thunderbird 14.0 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true
Family: MacOS X Local Security Checks
Nessus Plugin ID: 60041
Bugtraq ID: 54572, 54573, 54574, 54575, 54576, 54578, 54580, 54582, 54583, 54584, 54586
CVE ID: CVE-2012-1948, CVE-2012-1949, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1955, CVE-2012-1957, CVE-2012-1958, CVE-2012-1959, CVE-2012-1960, CVE-2012-1961, CVE-2012-1962, CVE-2012-1963, CVE-2012-1967