The remote Scientific Linux host is missing a security update.
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed content.
Malicious content could cause Thunderbird to crash or, potentially,
execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2012-3982, CVE-2012-3988, CVE-2012-3990,
CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181,
CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186,
Two flaws in Thunderbird could allow malicious content to bypass
intended restrictions, possibly leading to information disclosure, or
Thunderbird executing arbitrary code. Note that the information
disclosure issue could possibly be combined with other flaws to
achieve arbitrary code execution. (CVE-2012-3986, CVE-2012-3991)
Multiple flaws were found in the location object implementation in
Thunderbird. Malicious content could be used to perform cross-site
scripting attacks, script injection, or spoofing attacks.
(CVE-2012-1956, CVE-2012-3992, CVE-2012-3994)
Two flaws were found in the way Chrome Object Wrappers were
implemented. Malicious content could be used to perform cross-site
scripting attacks or cause Thunderbird to execute arbitrary code.
Note: None of the issues in this advisory can be exploited by a
default for mail messages. They could be exploited another way in
Thunderbird, for example, when viewing the full remote content of an
After installing the update, Thunderbird must be restarted for the
changes to take effect.
See also :
Update the affected thunderbird package.
Risk factor :
Critical / CVSS Base Score : 10.0
Public Exploit Available : true