Mozilla Thunderbird < 3.0.7 Multiple Vulnerabilities

This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a mail client that is affected by
multiple vulnerabilities.

Description :

The installed version of Thunderbird is earlier than 3.0.7. Such
versions are potentially affected by the following security issues :

- Multiple memory safety bugs could lead to memory
corruption, potentially resulting in arbitrary
code execution. (MFSA 2010-49)

- An integer overflow vulnerability in HTML frameset element
implementation could lead to arbitrary code execution.
(MFSA 2010-50)

- A dangling pointer vulnerability in 'navigator.plugins'
could lead to arbitrary code execution. (MFSA 2010-51)

- It is possible to perform DLL hijacking attacks via
dwmapi.dll. (MFSA 2010-52)

- A heap overflow vulnerability in function
'nsTextFrameUtils::TransformText' could result in
arbitrary code execution on the remote system.
(MFSA 2010-53)

- A dangling pointer vulnerability reported in
MFSA 2010-40 was incorrectly fixed. (MFSA 2010-54)

- By manipulating XUL <tree> objects it may be possible
to crash the application or run arbitrary code on the
remote system. (MFSA 2010-55)

- A dangling pointer vulnerability affects XUL <tree>'s
content view implementation, which could allow arbitrary
code execution on the remote system. (MFSA 2010-56)

- Code used to normalize a document could lead to a crash
or arbitrary code execution on the remote system.
(MFSA 2010-57)

- A specially crafted font could trigger memory corruption
on Mac systems, potentially resulting in arbitrary code
execution on the remote system. (MFSA 2010-58)

- It is possible to trigger a cross-site scripting
vulnerability using SJOW scripted function.
(MFSA 2010-60)

- The 'type' attribute of an <object> tag could override
charset of a framed HTML document, which could allow
an attacker to inject and execute UTF-7 encoded
JavaScript code into a website. (MFSA 2010-61)

- Copy-and-paste or drag-and-drop of an HTML selection
containing JavaScript into a designMode document
could trigger a cross-site scripting vulnerability.
(MFSA 2010-62)

- It is possible to read sensitive information via
'statusText' property of an XMLHttpRequest object.
(MFSA 2010-63)

See also :

https://www.mozilla.org/en-US/security/advisories/mfsa2010-49/
https://www.mozilla.org/en-US/security/advisories/mfsa2010-50/
https://www.mozilla.org/en-US/security/advisories/mfsa2010-51/
https://www.mozilla.org/en-US/security/advisories/mfsa2010-52/
https://www.mozilla.org/en-US/security/advisories/mfsa2010-53/
https://www.mozilla.org/en-US/security/advisories/mfsa2010-54/
https://www.mozilla.org/en-US/security/advisories/mfsa2010-55/
https://www.mozilla.org/en-US/security/advisories/mfsa2010-56/
https://www.mozilla.org/en-US/security/advisories/mfsa2010-57/
https://www.mozilla.org/en-US/security/advisories/mfsa2010-58/
https://www.mozilla.org/en-US/security/advisories/mfsa2010-60/
https://www.mozilla.org/en-US/security/advisories/mfsa2010-61/
https://www.mozilla.org/en-US/security/advisories/mfsa2010-62/
https://www.mozilla.org/en-US/security/advisories/mfsa2010-63/
http://www.nessus.org/u?390a975c

Solution :

Upgrade to Thunderbird 3.0.7 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true