New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 5.9
SynopsisThe remote Mac OS X host contains an email client that is potentially affected by multiple vulnerabilities.
DescriptionThe installed version of Thunderbird 7.x is potentially affected by the following security issues :
- Certain invalid sequences are not handled properly in 'Shift-JIS' encoding, which can allow cross-site scripting attacks. (CVE-2011-3648)
- Multiple memory safety issues exist. (CVE-2011-3651)
- An unchecked memory allocation failure can cause the application to crash. (CVE-2011-3652)
- An issue with WebGL graphics and GPU drivers can allow cross-origin image theft. (CVE-2011-3653)
- An error exists related to SVG 'mpath' linking to a non-SVG element, which can result in potentially exploitable application crashes. (CVE-2011-3654)
- An error in internal privilege checking can allow web content to obtain elevated privileges.
SolutionUpgrade to Thunderbird 8.0 or later.