Mozilla Thunderbird < 2.0.0.16 Multiple Vulnerabilities

This script is Copyright (C) 2008-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a mail client that is affected by
multiple vulnerabilities.

Description :

The installed version of Thunderbird is affected by various security
issues :

- Several stability bugs exist leading to crashes which,
in some cases, show traces of memory corruption
(MFSA 2008-21).

- By taking advantage of the privilege level stored in
the pre-compiled 'fastload' file, an attacker may be
able to run arbitrary JavaScript code with chrome
privileges (MFSA 2008-24).

- Arbitrary code execution is possible in
'mozIJSSubScriptLoader.loadSubScript()' (MFSA 2008-25).

- Several function calls in the MIME handling code
use unsafe versions of string routines (MFSA 2008-26).

- An improperly encoded '.properties' file in an add-on
can result in uninitialized memory being used, which
could lead to data formerly used by other programs
being exposed to the add-on code (MFSA 2008-29).

- A weakness in the trust model regarding alt names on
peer-trusted certs could lead to spoofing secure
connections to any other site (MFSA 2008-31).

- A crash in Mozilla's block reflow code could be used
by an attacker to crash the browser and run arbitrary
code on the victim's computer (MFSA 2008-33).

- By creating a very large number of references to a
common CSS object, an attacker can overflow the CSS
reference counter, causing a crash when the browser
attempts to free the CSS object while still in use
and allowing for arbitrary code execution
(MFSA 2008-34).

See also :

https://www.mozilla.org/en-US/security/advisories/mfsa2008-21/
https://www.mozilla.org/en-US/security/advisories/mfsa2008-24/
https://www.mozilla.org/en-US/security/advisories/mfsa2008-25/
https://www.mozilla.org/en-US/security/advisories/mfsa2008-26/
https://www.mozilla.org/en-US/security/advisories/mfsa2008-29/
https://www.mozilla.org/en-US/security/advisories/mfsa2008-31/
https://www.mozilla.org/en-US/security/advisories/mfsa2008-33/
https://www.mozilla.org/en-US/security/advisories/mfsa2008-34/

Solution :

Upgrade to Mozilla Thunderbird 2.0.0.16 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now