Mozilla Thunderbird < 3.0.1 Multiple Vulnerabilities

high Log Correlation Engine Plugin ID 801355

Synopsis

The remote host contains a mail client that is affected by multiple vulnerabilities.

Description

The installed version of Mozilla Thunderbird is earlier than 3.0.1. Such versions are potentially affected by the following security issues :

- Multiple crashes can result in arbitrary code execution. (MFSA 2009-65)

- Multiple vulnerabilities in 'liboggplay' can lead to arbitrary code execution. (MFSA 2009-66)

- An integer overflow in the 'Theora' video library can lead to a crash or the execution of arbitrary code. (MFSA 2009-67)

Solution

Upgrade to Mozilla Thunderbird 3.0.1 or later.

See Also

http://.mozilla.org/security/announce/2009/mfsa2009-65.html

http://.mozilla.org/security/announce/2009/mfsa2009-66.html

http://.mozilla.org/security/announce/2009/mfsa2009-67.html

http://.mozillamessaging.com/en-US/thunderbird/3.0.1/releasenotes

Plugin Details

Severity: High

ID: 801355

Family: SMTP Clients

Published: 3/4/2010

Nessus ID: 44111

Vulnerability Information

Patch Publication Date: 1/20/2010

Vulnerability Publication Date: 1/20/2010

Reference Information

CVE: CVE-2009-3388, CVE-2009-3389, CVE-2009-3979, CVE-2009-3980, CVE-2009-3981, CVE-2009-3982

BID: 37361, 37362, 37363, 37364