Thunderbird 3.1 < 3.1.16 Multiple Vulnerabilities (Mac OS X)

High Nessus Plugin ID 56757


The remote Mac OS X host contains an email client that is potentially affected by multiple vulnerabilities.


The installed version of Thunderbird 3.1 is earlier than 3.1.16. Such versions are potentially affected by the following security issues:

- There is an error within the JSSubScriptLoader that incorrectly unwraps 'XPCNativeWrappers'. By tricking a user into installing a malicious plug-in, an attacker could exploit this issue to execute arbitrary code.

- Certain invalid sequences are not handled properly in 'Shift-JIS' encoding, which can allow cross-site scripting attacks. (CVE-2011-3648)

- Profiling JavaScript files with many functions can cause the application to crash. It may be possible to trigger this behavior even when the debugging APIs are not being used. (CVE-2011-3650)


Upgrade to Thunderbird 3.1.16 or later.

Plugin Details

Severity: High

ID: 56757

File Name: macosx_thunderbird_3_1_16.nasl

Version: $Revision: 1.8 $

Type: local

Agent: macosx

Published: 2011/11/09

Modified: 2017/06/06

Dependencies: 56557

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:thunderbird

Required KB Items: MacOSX/Thunderbird/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/11/08

Vulnerability Publication Date: 2011/11/08

Reference Information

CVE: CVE-2011-3647, CVE-2011-3648, CVE-2011-3650

BID: 50589, 50593, 50595

OSVDB: 76947, 76948, 76952

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990