Thunderbird < 24.4 Multiple Vulnerabilities (Mac OS X)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Mac OS X host contains a mail client that is potentially
affected by multiple vulnerabilities.

Description :

The installed version of Thunderbird is a version prior to version
24.4. It is, therefore, potentially affected by the following
vulnerabilities :

- Memory issues exist that could lead to arbitrary code
execution. (CVE-2014-1493, CVE-2014-1494)

- An issue exists where extracted files for updates are
not read-only while updating. An attacker may be able
to modify these extracted files resulting in privilege
escalation. (CVE-2014-1496)

- An out-of-bounds read error exists when decoding WAV
format audio files that could lead to a denial of
service attack or information disclosure.
(CVE-2014-1497)

- An out-of-bounds read error exists when polygons are
rendered in 'MathML' that could lead to information
disclosure. (CVE-2014-1508)

- A memory corruption issue exists in the Cairo graphics
library when rendering a PDF file that could lead to
arbitrary code execution or a denial of service attack.
(CVE-2014-1509)

- An issue exists in the SVG filters and the
feDisplacementMap element that could lead to
information disclosure via timing attacks.
(CVE-2014-1505)

- An issue exists that could allow malicious websites to
load chrome-privileged pages when JavaScript
implemented WebIDL calls the 'window.open()' function,
which could result in arbitrary code execution.
(CVE-2014-1510)

- An issue exists that could allow a malicious website to
bypass the pop-up blocker. (CVE-2014-1511)

- A use-after-free memory issue exists in 'TypeObjects'
in the JavaScript engine during Garbage Collection
that could lead to arbitrary code execution.
(CVE-2014-1512)

- An out-of-bounds write error exists due to
'TypedArrayObject' improperly handling 'ArrayBuffer'
objects that could result in arbitrary code execution.
(CVE-2014-1513)

- An out-of-bounds write error exists when copying values
from one array to another that could result in arbitrary
code execution. (CVE-2014-1514)

See also :

http://www.securityfocus.com/archive/1/531617/30/0/threaded
http://www.mozilla.org/security/announce/2014/mfsa2014-15.html
http://www.mozilla.org/security/announce/2014/mfsa2014-16.html
http://www.mozilla.org/security/announce/2014/mfsa2014-17.html
http://www.mozilla.org/security/announce/2014/mfsa2014-18.html
http://www.mozilla.org/security/announce/2014/mfsa2014-15.html
http://www.mozilla.org/security/announce/2014/mfsa2014-16.html
http://www.mozilla.org/security/announce/2014/mfsa2014-17.html
http://www.mozilla.org/security/announce/2014/mfsa2014-18.html
http://www.mozilla.org/security/announce/2014/mfsa2014-19.html
http://www.mozilla.org/security/announce/2014/mfsa2014-15.html
http://www.mozilla.org/security/announce/2014/mfsa2014-16.html
http://www.mozilla.org/security/announce/2014/mfsa2014-17.html
http://www.mozilla.org/security/announce/2014/mfsa2014-26.html
http://www.mozilla.org/security/announce/2014/mfsa2014-27.html
http://www.mozilla.org/security/announce/2014/mfsa2014-28.html
http://www.mozilla.org/security/announce/2014/mfsa2014-29.html
http://www.mozilla.org/security/announce/2014/mfsa2014-30.html
http://www.mozilla.org/security/announce/2014/mfsa2014-31.html
http://www.mozilla.org/security/announce/2014/mfsa2014-32.html

Solution :

Upgrade to Thunderbird 24.4 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true