Mozilla Thunderbird 3.1.x < 3.1.10 Multiple Vulnerabilities

high Log Correlation Engine Plugin ID 801271

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Thunderbird 3.1.x earlier than 3.1.10 are potentially affected by multiple vulnerabilities :

- Multiple memory corruption issues could lead to arbitrary code execution. (MFSA2011-12)

- The 'resource:' protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. (MFSA2011-16)

Solution

Upgrade to Thunderbird 3.1.10 or later.

See Also

http://.mozilla.org/security/announce/2011/mfsa2011-12.html

http://.mozilla.org/security/known-vulnerabilities/thunderbird31.html#thunderbird3.1.10

http://.mozilla.org/security/announce/2011/mfsa2011-16.html

Plugin Details

Severity: High

ID: 801271

Family: SMTP Clients

Published: 4/29/2011

Nessus ID: 53596

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Patch Publication Date: 4/28/2011

Vulnerability Publication Date: 4/28/2011

Reference Information

CVE: CVE-2011-0069, CVE-2011-0070, CVE-2011-0071, CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0079, CVE-2011-0080, CVE-2011-0081

BID: 47641, 47646, 47647, 47648, 47651, 47653, 47654, 47656, 47666, 47635, 57655, 47657