Synopsis
The remote Windows host contains a mail client that is potentially affected by multiple vulnerabilities.

Description
The installed version of Thunderbird is earlier than 17.0.8 and is therefore potentially affected by the following vulnerabilities:
- Various errors exist that could allow memory corruption conditions. (CVE-2013-1701, CVE-2013-1702)
- Use-after-free errors exist related to DOM modification when using 'SetBody' and generating a 'Certificate Request Message'. (CVE-2013-1704, CVE-2013-1705)
- Errors exist related to the update service and 'maintenanceservice.exe' that could allow buffer overflows when handling unexpectedly long path values.
- An error exists in the function 'nsCString::CharAt' that could allow application crashes when decoding specially crafted WAV audio files. (CVE-2013-1708)
(CVE-2013-1709, CVE-2013-1711, CVE-2013-1713, CVE-2013-1714)
- An unspecified error exists related to generating 'Certificate Request Message Format' (CRMF) requests that could allow cross-site scripting attacks.
- DLL path loading errors exist related to the update service, full installer and the stub installer that could allow execution of arbitrary code.
- An error exists related to Java applets and 'file:///' URIs that could allow read-only access to arbitrary files. (CVE-2013-1717)

Solution
Upgrade to Thunderbird 17.0.8 or later.