How to Buy
This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.
The remote Windows host contains a mail client that is potentially
affected by several vulnerabilities.
The installed version of Thunderbird 10.x is potentially affected by
the following security issues :
- Several memory safety bugs exist in the browser engine
used in Mozilla-based products that could be exploited
to execute arbitrary code. (CVE-2012-5843)
- An error exists in the method
'image::RasterImage::DrawFrameTo' related to GIF images
that could allow a heap-based buffer overflow, leading to
arbitrary code execution. (CVE-2012-4202)
- Errors exist related to 'evalInSandbox', 'HZ-GB-2312'
charset, frames and the 'location' object, and
'cross-origin wrappers' that could allow cross-site
scripting (XSS) attacks. (CVE-2012-4201,
CVE-2012-4207, CVE-2012-4209, CVE-2012-5841)
- Various use-after-free, out-of-bounds read and buffer
overflow errors exist that could potentially lead to
arbitrary code execution. (CVE-2012-4214, CVE-2012-4215,
CVE-2012-4216, CVE-2012-5829, CVE-2012-5830,
CVE-2012-5833, CVE-2012-5835, CVE-2012-5839,
Please note the 10.x ESR branch will be unsupported as of 02/13/2013.
Only the 17.x ESR branch will receive security updates after that
See also :
Upgrade to Thunderbird 10.0.11 ESR or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true
Nessus Plugin ID: 62999 ()
Bugtraq ID: 566125661456618566285662956631566325663356634566355663656637566415664256643
CVE ID: CVE-2012-4201CVE-2012-4202CVE-2012-4207CVE-2012-4209CVE-2012-4214CVE-2012-4215CVE-2012-4216CVE-2012-5829CVE-2012-5830CVE-2012-5833CVE-2012-5835CVE-2012-5839CVE-2012-5840CVE-2012-5841CVE-2012-5843
Get Nessus Professional to scan unlimited IPs, run compliance checks & more
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.