How to Buy
This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.
The remote Mac OS X host contains a mail client that is potentially
affected by several vulnerabilities.
The installed version of Thunderbird is earlier than 17.0.2 and thus,
is potentially affected by the following security issues :
- Two intermediate certificates were improperly issued by
TURKTRUST certificate authority. (CVE-2013-0743)
- A use-after-free error exists related to displaying
HTML tables with many columns and column groups.
- An error exists related to the 'AutoWrapperChanger'
class that does not properly manage objects during
garbage collection. (CVE-2012-0745)
- An error exists related to 'jsval', 'quickstubs', and
compartmental mismatches that could lead to potentially
exploitable crashes. (CVE-2013-0746)
- Errors exist related to events in the plugin handler
that could allow same-origin policy bypass.
- An error related to the 'toString' method of XBL
objects could lead to address information leakage.
- Unspecified memory corruption issues exist.
- An error exists related to multiple XML bindings with
SVG content, contained in XBL files. (CVE-2013-0752)
- A use-after-free error exists related to
'XMLSerializer' and 'serializeToStream'.
- A use-after-free error exists related to garbage
collection and 'ListenManager'. (CVE-2013-0754)
- A use-after-free error exists related to the 'Vibrate'
library and 'domDoc'. (CVE-2013-0755)
'Proxy' objects. (CVE-2013-0756)
- 'Chrome Object Wrappers' (COW) can be bypassed by
changing object prototypes, which could allow
arbitrary code execution. (CVE-2013-0757)
- An error related to SVG elements and plugins could
allow privilege escalation. (CVE-2013-0758)
- An error exists related to the address bar that could
allow URL spoofing attacks. (CVE-2013-0759)
- Multiple, unspecified use-after-free, out-of-bounds read
and buffer overflow errors exist. (CVE-2013-0761,
CVE-2013-0762, CVE-2013-0763, CVE-2013-0766,
- An error exists related to SSL and threading that
could result in potentially exploitable crashes.
- An error exists related to 'Canvas' and bad height or
width values passed to it from HTML. (CVE-2013-0768)
See also :
Upgrade to Thunderbird 17.0.2 / 17.0.2 ESR or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true
Family: MacOS X Local Security Checks
Nessus Plugin ID: 63547 ()
Bugtraq ID: 57193571945719557196571975719857203572045720557209572115721357215572175721857228572325723457235572365723857240572415724457258
CVE ID: CVE-2013-0744CVE-2013-0745CVE-2013-0746CVE-2013-0747CVE-2013-0748CVE-2013-0749CVE-2013-0750CVE-2013-0752CVE-2013-0753CVE-2013-0754CVE-2013-0755CVE-2013-0756CVE-2013-0757CVE-2013-0758CVE-2013-0759CVE-2013-0761CVE-2013-0762CVE-2013-0763CVE-2013-0764CVE-2013-0766CVE-2013-0767CVE-2013-0768CVE-2013-0769CVE-2013-0771
Get Nessus Professional to scan unlimited IPs, run compliance checks & more
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.