Mozilla Thunderbird < 3.0.1 Multiple Vulnerabilities

High Log Correlation Engine Plugin ID 801355

Synopsis

The remote host contains a mail client that is affected by multiple vulnerabilities.

Description

The installed version of Mozilla Thunderbird is earlier than 3.0.1. Such versions are potentially affected by the following security issues :

- Multiple crashes can result in arbitrary code execution. (MFSA 2009-65)

- Multiple vulnerabilities in 'liboggplay' can lead to arbitrary code execution. (MFSA 2009-66)

- An integer overflow in the 'Theora' video library can lead to a crash or the execution of arbitrary code. (MFSA 2009-67)

Solution

Upgrade to Mozilla Thunderbird 3.0.1 or later.

See Also

http://.mozilla.org/security/announce/2009/mfsa2009-65.html

http://.mozilla.org/security/announce/2009/mfsa2009-66.html

http://.mozilla.org/security/announce/2009/mfsa2009-67.html

http://.mozillamessaging.com/en-US/thunderbird/3.0.1/releasenotes

Plugin Details

Severity: High

ID: 801355

File Name: 801355.prm

Family: SMTP Clients

Published: 2010/03/04

Nessus ID: 44111

Risk Information

Risk Factor: High

CVSSv2

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2010/01/20

Vulnerability Publication Date: 2010/01/20

Reference Information

CVE: CVE-2009-3388, CVE-2009-3389, CVE-2009-3979, CVE-2009-3980, CVE-2009-3981, CVE-2009-3982

BID: 37361, 37362, 37363, 37364