Mozilla Thunderbird 10.0.x < 10.0.4 Multiple Vulnerabilities

high Nessus Plugin ID 58899

Language:

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 8.8

Synopsis

The remote Windows host contains a mail client that is potentially affected by several vulnerabilities.

Description

The installed version of Thunderbird 10.0.x is potentially affected by the following security issues :

 - An off-by-one error exists in the 'OpenType Sanitizer' that could lead to out-bounds-reads and possible code execution. (CVE-2011-3062)

 - Memory safety issues exist that could lead to arbitrary code execution. (CVE-2012-0467)

 - A use-after-free error exists related to 'IDBKeyRange' of 'indexedDB'. (CVE-2012-0469)

 - Heap-corruption errors exist related to 'gfxImageSurface' that could lead to possible code execution. (CVE-2012-0470)

 - A multi-octet encoding issue exists that could allow cross-site scripting attacks as certain octets in multibyte character sets can destroy following octets.
 (CVE-2012-0471)

 - An error exists related to font rendering with 'cairo- dwrite' that could cause memory corruption leading to crashes and potentially code execution. (CVE-2012-0472)

 - An error exists in 'WebGLBuffer' that could lead to the reading of illegal video memory. (CVE-2012-0473)

 - An unspecified error could allow URL bar spoofing.
 (CVE-2012-0474)

 - A decoding issue exists related to 'ISO-2022-KR' and 'ISO-2022-CN' character sets that could lead to cross- site scripting attacks. (CVE-2012-0477)
- An error exists related to 'WebGL' and 'texImage2D' that could allow application crashes and possibly code execution when 'JSVAL_TO_OBJECT' is used on ordinary objects. (CVE-2012-0478)

 - Address bar spoofing is possible when 'Atom XML' or 'RSS' data is loaded over HTTPS leading to phishing attacks. (CVE-2012-0479)

Solution

Upgrade to Thunderbird 10.0.4 ESR or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2012-20/

https://www.mozilla.org/en-US/security/advisories/mfsa2012-22/

https://www.mozilla.org/en-US/security/advisories/mfsa2012-23/

https://www.mozilla.org/en-US/security/advisories/mfsa2012-24/

https://www.mozilla.org/en-US/security/advisories/mfsa2012-25/

https://www.mozilla.org/en-US/security/advisories/mfsa2012-26/

https://www.mozilla.org/en-US/security/advisories/mfsa2012-27/

https://www.mozilla.org/en-US/security/advisories/mfsa2012-29/

https://www.mozilla.org/en-US/security/advisories/mfsa2012-30/

https://www.mozilla.org/en-US/security/advisories/mfsa2012-31/

https://www.mozilla.org/en-US/security/advisories/mfsa2012-33/

Plugin Details

Severity: High

ID: 58899

File Name: mozilla_thunderbird_1004.nasl

Version: 1.15

Type: local

Agent: windows

Family: Windows

Published: 4/27/2012

Updated: 7/17/2018

Dependencies: mozilla_org_installed.nasl

Risk Information

Risk Factor: High

VPR Score: 8.8

CVSS v2.0

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Required KB Items: Mozilla/Thunderbird/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/24/2012

Vulnerability Publication Date: 4/24/2012

Reference Information

CVE: CVE-2011-3062, CVE-2012-0467, CVE-2012-0469, CVE-2012-0470, CVE-2012-0471, CVE-2012-0472, CVE-2012-0473, CVE-2012-0474, CVE-2012-0477, CVE-2012-0478, CVE-2012-0479

BID: 53218, 53219, 53220, 53222, 53223, 53224, 53225, 53227, 53228, 53229, 53231

CWE: 20, 79, 74, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990