Mozilla Thunderbird < 10.0 Multiple Vulnerabilities
High Nessus Plugin ID 57770
The remote Windows host contains a mail client that is potentially affected by several vulnerabilities.
The installed version of Thunderbird is earlier than 10.0 and thus, is potentially affected by the following security issues : - A use-after-free error exists related to removed nsDOMAttribute child nodes.(CVE-2011-3659) - Various memory safety issues exist. (CVE-2012-0442, CVE-2012-0443) - Memory corruption errors exist related to the decoding of Ogg Vorbis files and processing of malformed XSLT stylesheets. (CVE-2012-0444, CVE-2012-0449) - The HTML5 frame navigation policy can be violated by allowing an attacker to replace a sub-frame in another domain's document. (CVE-2012-0445) - Scripts in frames are able to bypass security restrictions in XPConnect. This bypass can allow malicious websites to carry out cross-site scripting attacks. (CVE-2012-0446) - An information disclosure issue exists when uninitialized memory is used as padding when encoding icon images. (CVE-2012-0447)