Mozilla Thunderbird 3.1 < 3.1.3 Multiple Vulnerabilities

high Nessus Plugin ID 49148

Synopsis

The remote Windows host contains a mail client that is affected by multiple vulnerabilities.

Description

The installed version of Thunderbird 3.1 is earlier than 3.1.3. Such versions are potentially affected by the following security issues:

- Multiple memory safety bugs could lead to memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-49)

- An integer overflow vulnerability in the HTML frameset element implementation could lead to arbitrary code execution. (MFSA 2010-50)

- A dangling pointer vulnerability in 'navigator.plugins' could lead to arbitrary code execution. (MFSA 2010-51)

- It is possible to perform DLL hijacking attacks via dwmapi.dll. (MFSA 2010-52)

- A heap overflow vulnerability in function 'nsTextFrameUtils::TransformText' could result in arbitrary code execution on the remote system. (MFSA 2010-53)

- A dangling pointer vulnerability reported in MFSA 2010-40 was incorrectly fixed. (MFSA 2010-54)

- By manipulating XUL <tree> objects it may be possible to crash the application or run arbitrary code on the remote system. (MFSA 2010-55)

- A dangling pointer vulnerability affects XUL <tree>'s content view implementation, which could allow arbitrary code execution on the remote system. (MFSA 2010-56)

- Code used to normalize a document could lead to a crash or arbitrary code execution on the remote system. (MFSA 2010-57)

- A specially crafted font could trigger memory corruption on Mac systems, potentially resulting in arbitrary code execution on the remote system. (MFSA 2010-58)

- It may be possible to run arbitrary JavaScript with chrome privileges via the wrapper class XPCSafeJSObjectWrapper (SJOW). (MFSA 2010-59)

- The 'type' attribute of an <object> tag could override the charset of a framed HTML document, which could allow an attacker to inject and execute UTF-7 encoded JavaScript code into a website. (MFSA 2010-61)

- Copy-and-paste or drag-and-drop of an HTML selection containing JavaScript into a designMode document could trigger a cross-site scripting vulnerability. (MFSA 2010-62)

- It is possible to read sensitive information via the 'statusText' property of an XMLHttpRequest object. (MFSA 2010-63)

Solution

Upgrade to Thunderbird 3.1.3 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2010-49/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-50/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-51/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-52/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-53/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-54/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-55/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-56/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-57/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-58/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-61/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-62/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-63/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-59/

http://www.nessus.org/u?587534ee

Plugin Details

Severity: High

ID: 49148

File Name: mozilla_thunderbird_313.nasl

Version: 1.21

Type: local

Agent: windows

Family: Windows

Published: 9/8/2010

Updated: 7/16/2018

Dependencies: mozilla_org_installed.nasl

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Required KB Items: Mozilla/Thunderbird/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/7/2010

Vulnerability Publication Date: 9/7/2010

Exploitable With

Core Impact

Reference Information

CVE: CVE-2010-2760, CVE-2010-2764, CVE-2010-2765, CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769, CVE-2010-2770, CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169, CVE-2010-2762, CVE-2010-3131

BID: 43091, 43093, 43095, 43097, 43100, 43101, 43102, 43104, 43106, 43108, 43118, 43096, 42654, 43092

Secunia: 41304