Mozilla Thunderbird < 31.5 Multiple Vulnerabilities (Mac OS X)

high Nessus Plugin ID 81519

Language:

Synopsis

The remote Mac OS X host contains a mail client that is affected by multiple vulnerabilities.

Description

The version of Thunderbird installed on the remote Mac OS X host is prior to 31.5. It is, therefore, affected by the following vulnerabilities :

- An information disclosure vulnerability exists related to the autocomplete feature that allows an attacker to read arbitrary files. (CVE-2015-0822)

- An out-of-bounds read and write issue exists when processing invalid SVG graphic files. This allows an attacker to disclose sensitive information.
(CVE-2015-0827)

- A use-after-free issue exists when running specific web content with 'IndexedDB' to create an index, resulting in a denial of service condition or arbitrary code execution. (CVE-2015-0831)

- Multiple unspecified memory safety issues exist within the browser engine. (CVE-2015-0835, CVE-2015-0836)

Solution

Upgrade to Thunderbird 31.5 or later.

Plugin Details

Severity: High

ID: 81519

File Name: macosx_thunderbird_31_5.nasl

Version: 1.8

Type: local

Agent: macosx

Family: MacOS X Local Security Checks

Published: 2/25/2015

Updated: 11/25/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2015-0836

Vulnerability Information

CPE: cpe:/a:mozilla:thunderbird

Required KB Items: MacOSX/Thunderbird/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 2/24/2015

Vulnerability Publication Date: 2/24/2015

Reference Information

CVE: CVE-2015-0822, CVE-2015-0827, CVE-2015-0831, CVE-2015-0835, CVE-2015-0836

BID: 72742, 72746, 72748, 72755, 72756

Detections

Analytics