Mozilla Thunderbird < 1.0.7 IDN URL Domain Name Overflow

This script is Copyright (C) 2005-2017 Tenable Network Security, Inc.


Synopsis :

The remote version of Mozilla Thunderbird suffers from several flaws.

Description :

The remote host is using Mozilla Thunderbird, an email client.

The remote version of this software contains various security issues
that could allow an attacker to execute arbitrary code on the remote
host and to disguise URLs.

See also :

http://www.securityfocus.com/archive/1/407704
http://security-protocols.com/advisory/sp-x17-advisory.txt
http://www.nessus.org/u?11c09cbe

Solution :

Upgrade to Thunderbird 1.0.7 or disable IDN support in the browser
following the instructions in the vendor's advisory.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 19694 ()

Bugtraq ID: 14784

CVE ID: CVE-2005-2871

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now