Mozilla Thunderbird < 17.0.7 Multiple Vulnerabilities

high Log Correlation Engine Plugin ID 801326
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote host has a mail client installed that is vulnerable to multiple vulnerabilities

Description

Versions of Thunderbird prior to 17.0.7 are potentially affected by the following vulnerabilities :

- Various, unspecified memory safety issues exist.(CVE-2013-1682, CVE-2013-1683)\m\m - Heap-use-after-free errors exist related to 'LookupMediaElementURITable', 'nsIDocument::GetRootElement' and 'mozilla::ResetDir'. (CVE-2013-1684, CVE-2013-1685, CVE-2013-1686)

- An error exists related to 'XBL scope', 'System Only Wrappers' (SOW) and chrome-privileged pages that could allow cross-site scripting attacks. (CVE-2013-1687)

- An error exists related to the 'profiler' that could allow arbitrary code execution. (CVE-2013-1688)

- An error related to 'onreadystatechange' and unmapped memory could cause application crashes and allow arbitrary code execution. (CVE-2013-1690)

- The application sends data in the body of XMLHttpRequest (XHR) HEAD requests and could aid in cross-site request forgery attacks. (CVE-2013-1692)

- An error related to the processing of SVG content could allow a timing attack to disclose information across domains. (CVE-2013-1693)

- An error exists related to 'PreserveWrapper' and the 'preserved-wrapper' flag that could cause potentially exploitable application crashes. (CVE-2013-1694) - An error exists related to '&lt;iframe sandbox&gt;' restrictions that could allow a bypass of these restrictions. (CVE-2013-1695)

- The 'X-Frame-Options' header is ignored in certain situations and can aid in click-jacking attacks. (CVE-2013-1696)

- An error exists related to the 'toString' and 'valueOf' methods that could allow 'XrayWrappers' to be bypassed. (CVE-2013-1697)

- An error exists related to the 'getUserMedia' permission dialog that could allow a user to be tricked into giving access to unintended domains. (CVE-2013-1698)

- Homograph domain spoofing protection is incomplete and certain attacks are still possible using Internationalized Domain Names (IDN). (CVE-2013-1699)

- An error exists related to the 'Mozilla Maintenance Service' on Windows that could allow insecure updates. (CVE-2013-1700)

Solution

Upgrade to Thunderbird 17.0.7 or later.

See Also

http://www.mozilla.org/security/announce/2013/mfsa2013-49.html

http://www.mozilla.org/security/announce/2013/mfsa2013-50.html

http://www.mozilla.org/security/announce/2013/mfsa2013-51.html

http://www.mozilla.org/security/announce/2013/mfsa2013-53.html

http://www.mozilla.org/security/announce/2013/mfsa2013-54.html

http://www.mozilla.org/security/announce/2013/mfsa2013-55.html

http://www.mozilla.org/security/announce/2013/mfsa2013-59.html

http://www.mozilla.org/security/announce/2013/mfsa2013-62.html

http://www.mozilla.org/security/announce/2013/mfsa2013-61.html

http://www.mozilla.org/security/announce/2013/mfsa2013-60.html

http://www.mozilla.org/security/announce/2013/mfsa2013-58.html

http://www.mozilla.org/security/announce/2013/mfsa2013-57.html

http://www.mozilla.org/security/announce/2013/mfsa2013-56.html

http://www.mozilla.org/security/announce/2013/mfsa2013-52.html

Plugin Details

Severity: High

ID: 801326

Family: SMTP Clients

Published: 6/28/2013

Updated: 6/28/2013

Nessus ID: 66994

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Patch Publication Date: 6/25/2013

Vulnerability Publication Date: 6/25/2013

Reference Information

CVE: CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697, CVE-2013-1683, CVE-2013-1688, CVE-2013-1695, CVE-2013-1696, CVE-2013-1698, CVE-2013-1699, CVE-2013-1700

BID: 60765, 60766, 60773, 60774, 60776, 60777, 60778, 60783, 60784, 60787, 60768, 60779, 60785, 60788, 60789, 60790, 60791