Mozilla Thunderbird < 1.5.0.13 / 2.0.0.6 Multiple Vulnerabilities

This script is Copyright (C) 2007-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a mail client that is affected by
multiple vulnerabilities.

Description :

The installed version of Mozilla Thunderbird allows unescaped URIs to
be passed to external programs, which could lead to execution of
arbitrary code, as well as privilege escalation attacks against
addons that create 'about:blank' windows and populate them in
certain ways.

See also :

https://www.mozilla.org/en-US/security/advisories/mfsa2007-26/
https://www.mozilla.org/en-US/security/advisories/mfsa2007-27/

Solution :

Upgrade to Mozilla Thunderbird 1.5.0.13 / 2.0.0.6 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 25837 ()

Bugtraq ID: 25053
25142

CVE ID: CVE-2007-3844
CVE-2007-3845

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now