Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mozilla Thunderbird 3.1.x < 3.1.8 Multiple Vulnerabilities

High

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Thunderbird 3.1.x earlier than 3.1.8 are potentially affected by multiple vulnerabilities :

- Multiple memory corruption issues exists which could lead to arbitrary code execution. (MFSA 2011-01)

- An input validation error exists int he class, 'ParanoidFragmentSink', which allows inline JavaScript and 'javascript:' URLs in a chrome document. Note that no unsafe usage occurs in Mozilla products, however community generated extensions could. (MFSA 2011-08)

- A buffer overflow exist related to JPEG decoding and may lead to arbitrary code execution. (MFSA 2011-09)

Solution

Upgrade to Thunderbird 3.1.8 or later.