This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote Mac OS X host contains a mail client that is potentially
affected by multiple vulnerabilities.
The installed version of Thunderbird is a version prior to version
24.5. It is, therefore, potentially affected by the following
- Memory issues exist that could lead to arbitrary code
execution. (CVE-2014-1518, CVE-2014-1519)
- An out-of-bounds read issue exists when decoding
certain JPG images that could lead to a denial of
- A memory corruption issue exists due to improper
validation of XBL objects that could lead to arbitrary
code execution. (CVE-2014-1524)
- A security bypass issue exists in the Web Notification
API that could lead to arbitrary code execution.
- A cross-site scripting issue exists that could allow an
attacker to load another website other than the URL for
the website that is shown in the address bar.
- A use-after-free issue exists due to an 'imgLoader'
object being freed when being resized. This issue
could lead to arbitrary code execution. (CVE-2014-1531)
- A use-after-free issue exists during host resolution
that could lead to arbitrary code execution.
See also :
Upgrade to Thunderbird 24.5 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false