This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote Mac OS X host contains a mail client that is potentially
affected by multiple vulnerabilities.
The installed version of Thunderbird ESR 17.x is prior to 17.0.8 and
is, therefore, potentially affected the following vulnerabilities :
- Various errors exist that could allow memory corruption
- Unspecified errors exist related to HTML frames and
workers using 'XMLHttpRequest' that could allow
cross-site scripting attacks. (CVE-2013-1709,
- An unspecified error exists related to generating
'Certificate Request Message Format' (CRMF) requests
that could allow cross-site scripting attacks.
- An error exists related to Java applets and 'file:///'
URIs that could allow read-only access to arbitrary
See also :
Upgrade to Thunderbird ESR 17.0.8 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true