Thunderbird 10.0.x < 10.0.4 Multiple Vulnerabilities (Mac OS X)

high Nessus Plugin ID 58895
New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 8.8

Synopsis

The remote Mac OS X host contains a mail client that is potentially affected by several vulnerabilities.

Description

The installed version of Thunderbird 10.0.x is potentially affected by the following security issues :

- An off-by-one error exists in the 'OpenType Sanitizer' which can lead to out-bounds-reads and possible code execution. (CVE-2011-3062)

- Memory safety issues exist that could lead to arbitrary code execution. (CVE-2012-0467)

- A use-after-free error exists related to 'IDBKeyRange' of 'indexedDB'. (CVE-2012-0469)

- Heap-corruption errors exist related to 'gfxImageSurface' which can lead to possible code execution. (CVE-2012-0470)

- A multi-octet encoding issue exists which can allow cross-site scripting attacks as certain octets in multibyte character sets can destroy following octets.
(CVE-2012-0471)

- An error exists in 'WebGLBuffer' that can lead to the reading of illegal video memory. (CVE-2012-0473)

- An unspecified error can allow URL bar spoofing.
(CVE-2012-0474)

- A decoding issue exists related to 'ISO-2022-KR' and 'ISO-2022-CN' character sets which can lead to cross- site scripting attacks. (CVE-2012-0477)
- An error exists related to 'WebGL' and 'texImage2D' that can allow application crashes and possibly code execution when 'JSVAL_TO_OBJECT' is used on ordinary objects. (CVE-2012-0478)

- Address bar spoofing is possible when 'Atom XML' or 'RSS' data is loaded over HTTPS leading to phishing attacks. (CVE-2012-0479)

Solution

Upgrade to Thunderbird 10.0.4 ESR or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2012-20/

https://www.mozilla.org/en-US/security/advisories/mfsa2012-22/

https://www.mozilla.org/en-US/security/advisories/mfsa2012-23/

https://www.mozilla.org/en-US/security/advisories/mfsa2012-24/

https://www.mozilla.org/en-US/security/advisories/mfsa2012-26/

https://www.mozilla.org/en-US/security/advisories/mfsa2012-27/

https://www.mozilla.org/en-US/security/advisories/mfsa2012-29/

https://www.mozilla.org/en-US/security/advisories/mfsa2012-30/

https://www.mozilla.org/en-US/security/advisories/mfsa2012-31/

https://www.mozilla.org/en-US/security/advisories/mfsa2012-33/

Plugin Details

Severity: High

ID: 58895

File Name: macosx_thunderbird_10_0_4.nasl

Version: 1.14

Type: local

Agent: macosx

Published: 4/27/2012

Updated: 7/16/2018

Dependencies: 56557

Risk Information

Risk Factor: High

VPR Score: 8.8

CVSS v2.0

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Required KB Items: MacOSX/Thunderbird/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/24/2012

Vulnerability Publication Date: 4/24/2012

Reference Information

CVE: CVE-2011-3062, CVE-2012-0467, CVE-2012-0469, CVE-2012-0470, CVE-2012-0471, CVE-2012-0473, CVE-2012-0474, CVE-2012-0477, CVE-2012-0478, CVE-2012-0479

BID: 53219, 53220, 53222, 53223, 53224, 53225, 53227, 53228, 53229, 53231

CWE: 20, 79, 74, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990