Mozilla Thunderbird < Multiple Vulnerabilities

This script is Copyright (C) 2008-2017 Tenable Network Security, Inc.

Synopsis :

The remote Windows host contains a mail client that is affected by
multiple vulnerabilities.

Description :

The installed version of Thunderbird is affected by various security
issues :

- Several stability bugs exist leading to crashes which,
in some cases, show traces of memory corruption
(MFSA 2008-21).

- By taking advantage of the privilege level stored in
the pre-compiled 'fastload' file, an attacker may be
able to run arbitrary JavaScript code with chrome
privileges (MFSA 2008-24).

- Arbitrary code execution is possible in
'mozIJSSubScriptLoader.loadSubScript()' (MFSA 2008-25).

- Several function calls in the MIME handling code
use unsafe versions of string routines (MFSA 2008-26).

- An improperly encoded '.properties' file in an add-on
can result in uninitialized memory being used, which
could lead to data formerly used by other programs
being exposed to the add-on code (MFSA 2008-29).

- A weakness in the trust model regarding alt names on
peer-trusted certs could lead to spoofing secure
connections to any other site (MFSA 2008-31).

- A crash in Mozilla's block reflow code could be used
by an attacker to crash the browser and run arbitrary
code on the victim's computer (MFSA 2008-33).

- By creating a very large number of references to a
common CSS object, an attacker can overflow the CSS
reference counter, causing a crash when the browser
attempts to free the CSS object while still in use
and allowing for arbitrary code execution
(MFSA 2008-34).

See also :

Solution :

Upgrade to Mozilla Thunderbird or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now