Thunderbird ESR 17.x < 17.0.5 Multiple Vulnerabilities (Mac OS X)

This script is Copyright (C) 2013 Tenable Network Security, Inc.

Synopsis :

The remote Mac OS X host contains a mail client that is potentially
affected by multiple vulnerabilities.

Description :

The installed version of Thunderbird ESR 17.x is prior to 17.0.5 and
is, therefore, potentially affected the following vulnerabilities :

- Various memory safety issues exist. (CVE-2013-0788)

- An out-of-bounds memory read error exists related to
'CERT_DecodeCertPackage' and certificate decoding.

- An error exists related to navigation, history and
improper 'baseURI' property values that could allow
cross-site scripting attacks. (CVE-2013-0793)

- An error exists related to 'cloneNode' that can allow
'System Only Wrapper' (SOW) to be bypassed, thus
violating the same origin policy and possibly leading
to privilege escalation and code execution.

- An out-of-bounds write error exists related to the
Cairo graphics library. (CVE-2013-0800)

See also :

Solution :

Upgrade to Thunderbird ESR 17.0.5 or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 65804 ()

Bugtraq ID: 58819

CVE ID: CVE-2013-0788

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial