Mozilla Thunderbird < 3.0.7 Multiple Vulnerabilities

High Nessus Plugin ID 49147


The remote Windows host contains a mail client that is affected by multiple vulnerabilities.


The installed version of Thunderbird is earlier than 3.0.7. Such versions are potentially affected by the following security issues:

- Multiple memory safety bugs could lead to memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-49)

- An integer overflow vulnerability in the HTML frameset element implementation could lead to arbitrary code execution. (MFSA 2010-50)

- A dangling pointer vulnerability in 'navigator.plugins' could lead to arbitrary code execution. (MFSA 2010-51)

- It is possible to perform DLL hijacking attacks via dwmapi.dll. (MFSA 2010-52)

- A heap overflow vulnerability in the function 'nsTextFrameUtils::TransformText' could result in arbitrary code execution on the remote system. (MFSA 2010-53)

- A dangling pointer vulnerability reported in MFSA 2010-40 was incorrectly fixed. (MFSA 2010-54)

- By manipulating XUL <tree> objects it may be possible to crash the application or run arbitrary code on the remote system. (MFSA 2010-55)

- A dangling pointer vulnerability affects XUL <tree>'s content view implementation, which could allow arbitrary code execution on the remote system. (MFSA 2010-56)

- Code used to normalize a document could lead to a crash or arbitrary code execution on the remote system. (MFSA 2010-57)

- A specially crafted font could trigger memory corruption on Mac systems, potentially resulting in arbitrary code execution on the remote system. (MFSA 2010-58)

- It is possible to trigger a cross-site scripting vulnerability using an SJOW scripted function. (MFSA 2010-60)

- The 'type' attribute of an <object> tag could override the charset of a framed HTML document, which could allow an attacker to inject and execute UTF-7 encoded JavaScript code into a website. (MFSA 2010-61)

- Copy-and-paste or drag-and-drop of an HTML selection containing JavaScript into a designMode document could trigger a cross-site scripting vulnerability. (MFSA 2010-62)

- It is possible to read sensitive information via the 'statusText' property of an XMLHttpRequest object. (MFSA 2010-63)


Upgrade to Thunderbird 3.0.7 or later.

Plugin Details

Severity: High

ID: 49147

File Name: mozilla_thunderbird_307.nasl

Version: $Revision: 1.20 $

Type: local

Agent: windows

Family: Windows

Published: 2010/09/08

Modified: 2017/06/09

Dependencies: 20862

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:thunderbird

Required KB Items: Mozilla/Thunderbird/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/09/07

Vulnerability Publication Date: 2010/09/07

Exploitable With

Core Impact

Reference Information

CVE: CVE-2010-2760, CVE-2010-2763, CVE-2010-2764, CVE-2010-2765, CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769, CVE-2010-2770, CVE-2010-3131, CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169

BID: 42654, 43091, 43093, 43094, 43095, 43096, 43097, 43100, 43101, 43102, 43104, 43106, 43108, 43118

OSVDB: 66601, 67502, 67901, 67902, 67903, 67904, 67905, 67906, 67907, 67908, 67910, 67911, 67912, 67913

Secunia: 41304