This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Mac OS X host contains a mail client that is potentially
affected by multiple vulnerabilities.
The installed version of Thunderbird ESR 17.x is prior to 17.0.9 and
is, therefore, potentially affected the following vulnerabilities :
- Memory issues exist in the browser engine that could
allow for denial of service or arbitrary code execution.
- Multiple use-after-free problems exist that could result
in denial of service attacks or arbitrary code
execution. (CVE-2013-1735, CVE-2013-1736)
- A buffer overflow is possible because of an issue with
multi-column layouts. (CVE-2013-1732)
denial of service or arbitrary code execution. Versions
of Firefox 20 or greater are not susceptible to the
arbitrary code execution mentioned above.
compartments could result in denial of service or
possibly arbitrary code execution. (CVE-2013-1725)
- An object is not properly identified during use of
user-defined getter methods on DOM proxies. This could
result in access restrictions being bypassed.
See also :
Upgrade to Thunderbird ESR 17.0.9 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false