SynopsisThe remote Windows host contains a mail client that is affected by multiple vulnerabilities.
DescriptionThe installed version of Thunderbird is earlier than 22.214.171.124. Such versions are potentially affected by the following security issues :
- When an Adobe Flash file is loaded via the 'view-source:' scheme, the Flash plugin misinterprets the origin of the content as localhost. An attacker can leverage this to launch cross-site request forgery attacks. It is also possible to exploit this to place cookie-like objects on victim's computers.
- Multiple memory corruption vulnerabilities could potentially be exploited to execute arbitrary code.
- It may be possible to tamper with SSL data via non-200 responses to proxy CONNECT requests. (MFSA 2009-27)
- It may be possible to crash Thunderbird while viewing a 'multipart/alternative' mail message with a 'text/enhanced' part. (MFSA 2009-33)
SolutionUpgrade to Mozilla Thunderbird 126.96.36.199 or later.