This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
The remote Mac OS X host contains a mail client that is potentially
affected by several vulnerabilities.
The installed version of Thunderbird 10.x is potentially affected by
the following security issues :
- Two intermediate certificates were improperly issued by
TURKTRUST certificate authority. (CVE-2013-0743)
- A use-after-free error exists related to displaying
HTML tables with many columns and column groups.
- An error exists related to 'jsval', 'quickstubs', and
compartmental mismatches that could lead to potentially
exploitable crashes. (CVE-2013-0746)
- An error related to the 'toString' method of XBL
objects could lead to address information leakage.
- A use-after-free error exists related to
'XMLSerializer' and 'serializeToStream'.
- A use-after-free error exists related to garbage
collection and 'ListenManager'. (CVE-2013-0754)
- An error related to SVG elements and plugins could
allow privilege escalation. (CVE-2013-0758)
- An error exists related to the address bar that could
allow URL spoofing attacks. (CVE-2013-0759)
- Multiple, unspecified use-after-free, out-of-bounds read
and buffer overflow errors exist. (CVE-2013-0762,
- An unspecified memory corruption issue exists.
Please note the 10.x ESR branch will no longer be supported as of
02/13/2013. Only the 17.x ESR branch will receive security updates
after that date.
See also :
Upgrade to Thunderbird 10.0.12 ESR or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true
Family: MacOS X Local Security Checks
Nessus Plugin ID: 63546
Bugtraq ID: 57193, 57194, 57195, 57203, 57209, 57217, 57218, 57228, 57232, 57234, 57235, 57238, 57258
CVE ID: CVE-2013-0744, CVE-2013-0746, CVE-2013-0748, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0758, CVE-2013-0759, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769