This script is Copyright (C) 2008-2017 Tenable Network Security, Inc.
The remote Windows host contains a mail client that is affected by
The installed version of Thunderbird is affected by various security
- Several stability bugs exist leading to crashes which,
in some cases, show traces of memory corruption
- By taking advantage of the privilege level stored in
the pre-compiled 'fastload' file, an attacker may be
privileges (MFSA 2008-24).
- Arbitrary code execution is possible in
'mozIJSSubScriptLoader.loadSubScript()' (MFSA 2008-25).
- Several function calls in the MIME handling code
use unsafe versions of string routines (MFSA 2008-26).
- An improperly encoded '.properties' file in an add-on
can result in uninitialized memory being used, which
could lead to data formerly used by other programs
being exposed to the add-on code (MFSA 2008-29).
- A weakness in the trust model regarding alt names on
peer-trusted certs could lead to spoofing secure
connections to any other site (MFSA 2008-31).
- A crash in Mozilla's block reflow code could be used
by an attacker to crash the browser and run arbitrary
code on the victim's computer (MFSA 2008-33).
- By creating a very large number of references to a
common CSS object, an attacker can overflow the CSS
reference counter, causing a crash when the browser
attempts to free the CSS object while still in use
and allowing for arbitrary code execution
See also :
Upgrade to Mozilla Thunderbird 220.127.116.11 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true
Nessus Plugin ID: 33563 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now