Thunderbird < 17.0.3 Multiple Vulnerabilities (Mac OS X)

critical Nessus Plugin ID 64720

Language:

Synopsis

The remote Mac OS X host contains a mail client that is potentially affected by several vulnerabilities.

Description

The installed version of Thunderbird is earlier than 17.0.3 and thus, is potentially affected by the following security issues :

 - Numerous memory safety errors exist. (CVE-2013-0783, CVE-2013-0784)

 - An out-of-bounds read error exists related to the handling of GIF images. (CVE-2013-0772)

 - An error exists related to 'WebIDL' object wrapping that has an unspecified impact. (CVE-2013-0765)

 - An error exists related to Chrome Object Wrappers (COW) or System Only Wrappers (SOW) that could allow security bypass. (CVE-2013-0773)

 - The file system location of the active browser profile could be disclosed and used in further attacks.
 (CVE-2013-0774)

 - A use-after-free error exists in the function 'nsImageLoadingContent'. (CVE-2013-0775)

 - Spoofing HTTPS URLs is possible due to an error related to proxy '407' responses and embedded script code.
 (CVE-2013-0776)

 - A heap-based use-after-free error exists in the function 'nsDisplayBoxShadowOuter::Paint'. (CVE-2013-0777)

 - An out-of-bounds read error exists in the function 'ClusterIterator::NextCluster'. (CVE-2013-0778)

 - An out-of-bounds read error exists in the function 'nsCodingStateMachine::NextState'. (CVE-2013-0779)

 - A heap-based use-after-free error exists in the function 'nsOverflowContinuationTracker::Finish'. (CVE-2013-0780)

 - A heap-based use-after-free error exists in the function 'nsPrintEngine::CommonPrint'. (CVE-2013-0781)

 - A heap-based buffer overflow error exists in the function 'nsSaveAsCharset::DoCharsetConversion'.
 (CVE-2013-0782)

Solution

Upgrade to Thunderbird 17.0.3 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2013-21/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-22/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-23/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-24/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-25/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-26/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-27/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-28/

Plugin Details

Severity: Critical

ID: 64720

File Name: macosx_thunderbird_17_0_3.nasl

Version: 1.11

Type: local

Agent: macosx

Published: 2/20/2013

Updated: 12/4/2019

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2013-0784

Vulnerability Information

CPE: cpe:/a:mozilla:thunderbird

Required KB Items: MacOSX/Thunderbird/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 2/19/2013

Vulnerability Publication Date: 2/19/2013

Reference Information

CVE: CVE-2013-0765, CVE-2013-0772, CVE-2013-0773, CVE-2013-0774, CVE-2013-0775, CVE-2013-0776, CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782, CVE-2013-0783, CVE-2013-0784

BID: 58034, 58036, 58037, 58038, 58040, 58041, 58042, 58043, 58044, 58047, 58048, 58049, 58050, 58051