Mozilla Thunderbird < Multiple Vulnerabilities

This script is Copyright (C) 2009-2017 Tenable Network Security, Inc.

Synopsis :

The remote Windows host contains a mail client that is affected by
multiple vulnerabilities.

Description :

The installed version of Thunderbird is earlier than Such
versions are potentially affected by the following security issues :

- There are several stability bugs in the browser engine
that could lead to crashes with evidence of memory
corruption. (MFSA 2008-60)

- XBL bindings can be used to read data from other
domains. (MFSA 2008-61)

- Sensitive data could be disclosed in an XHR response
when an XMLHttpRequest is made to a same-origin
resource, which 302 redirects to a resource in a
different domain. (MFSA 2008-64)

- A website may be able to access a limited amount of
data from a different domain by loading a same-domain
JavaScript URL, which redirects to an off-domain target
resource containing data that is not parsable as
JavaScript. (MFSA 2008-65)

- Errors arise when parsing URLs with leading whitespace
and control characters. (MFSA 2008-66)

- An escaped null byte is ignored by the CSS parser and
treated as if it was not present in the CSS input
string. (MFSA 2008-67)

- XSS and JavaScript privilege escalation are possible.
(MFSA 2008-68)

See also :

Solution :

Upgrade to Mozilla Thunderbird or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now