This script is Copyright (C) 2011-2017 Tenable Network Security, Inc.
The remote Windows host contains a mail client that is potentially
affected by multiple vulnerabilities.
The installed version of Thunderbird is earlier than 8.0 and thus, is
potentially affected by the following security issues :
- Certain invalid sequences are not handled properly in
'Shift-JIS' encoding and can allow cross-site scripting
- The addition of the 'Azure' graphics functionality re-
introduced a cross-origin information disclosure issue
previously described in CVE-2011-2986. (CVE-2011-3649)
the application to crash. It may be possible to trigger
this behavior even when the debugging APIs are not being
- Multiple memory safety issues exist. (CVE-2011-3651)
- An unchecked memory allocation failure can cause the
application to crash. (CVE-2011-3652)
- An issue with WebGL graphics and GPU drivers can allow
allow cross-origin image theft. (CVE-2011-3653)
- An error exists related to SVG 'mpath' linking to a
non-SVG element and can result in potentially
exploitable application crashes. (CVE-2011-3654)
- An error in internal privilege checking can allow
web content to obtain elevated privileges.
See also :
Upgrade to Thunderbird 8 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true
Nessus Plugin ID: 56753 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now