Mozilla Thunderbird < 2.0.0.14 Multiple Vulnerabilities

High Nessus Plugin ID 32134

Synopsis

The remote Windows host contains a mail client that is affected by multiple vulnerabilities.

Description

The installed version of Thunderbird is affected by various security issues :

- A series of vulnerabilities exist that allow for JavaScript privilege escalation and arbitrary code execution.

- Several stability bugs exist leading to crashes which, in some cases, show traces of memory corruption.

Solution

Upgrade to Mozilla Thunderbird 2.0.0.14 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2008-14/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-15/

Plugin Details

Severity: High

ID: 32134

File Name: mozilla_thunderbird_20014.nasl

Version: 1.13

Type: local

Agent: windows

Family: Windows

Published: 2008/05/06

Updated: 2018/08/10

Dependencies: 20862

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:mozilla:thunderbird

Required KB Items: Mozilla/Thunderbird/Version

Patch Publication Date: 2008/03/25

Reference Information

CVE: CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237

CWE: 79, 94, 399