Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mozilla Thunderbird < 24.1 / 17.0.10 (ESR) Multiple Vulnerabilities



The remote host has an email client installed that is vulnerable to multiple attack vectors.


Versions of Mozilla Thunderbird prior to version 24.1 (or ESR version 17.0.10) are prone to the following vulnerabilities :

- Miscellaneous use-after-free issues in the browsing engine (CVE-2013-5599, CVE-2013-5600, CVE-2013-5601) - Memory corruption in the Javascript engine when using workers with direct proxy (CVE-2013-5602) - Use-after-free issues when interacting with HTML templates (CVE-2013-5603) - Security bypass via iframe injection using PDF.js (CVE-2013-5598) - Miscellaneous memory safety issues in the browser engine (CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-1739) - Address spoofing in the addressbar via SELECT element, which can lead to clickjacking and other spoof attacks (CVE-2013-5593) - Access violation due to uninitialized data in XSLT processing (CVE-2013-5604) - Potential buffer/memory overflows in the Javascript engine (CVE-2013-5595) - Race condition causing a crash on extremely large pages (CVE-2013-5596) - A use-after-free issue during state change events when updating the offline cache (CVE-2013-5597)


Upgrade to Thunderbird 24.1 (or ESR version 17.0.10) or later.