Detections
Analytics
Thunderbird ESR 17.x < 17.0.9 Multiple Vulnerabilities (Mac OS X)
critical Nessus Plugin ID 69990
Language:
Synopsis
The remote Mac OS X host contains a mail client that is potentially affected by multiple vulnerabilities.Description
The installed version of Thunderbird ESR 17.x is prior to 17.0.9 and is, therefore, potentially affected the following vulnerabilities :- Memory issues exist in the browser engine that could allow for denial of service or arbitrary code execution.
(CVE-2013-1718, CVE-2013-1719)
- Multiple use-after-free problems exist that could result in denial of service attacks or arbitrary code execution. (CVE-2013-1735, CVE-2013-1736)
- A buffer overflow is possible because of an issue with multi-column layouts. (CVE-2013-1732)
- A JavaScript compartment mismatch could result in a denial of service or arbitrary code execution. Versions of Firefox 20 or greater are not susceptible to the arbitrary code execution mentioned above.
(CVE-2013-1730)
- Incorrect scope handling for JavaScript objects with compartments could result in denial of service or possibly arbitrary code execution. (CVE-2013-1725)
- An object is not properly identified during use of user-defined getter methods on DOM proxies. This could result in access restrictions being bypassed.
(CVE-2013-1737)
Solution
Upgrade to Thunderbird ESR 17.0.9 or later.See Also
https://www.mozilla.org/en-US/security/advisories/mfsa2013-76/
https://www.mozilla.org/en-US/security/advisories/mfsa2013-82/
https://www.mozilla.org/en-US/security/advisories/mfsa2013-88/
https://www.mozilla.org/en-US/security/advisories/mfsa2013-89/
https://www.mozilla.org/en-US/security/advisories/mfsa2013-90/
https://www.mozilla.org/en-US/security/advisories/mfsa2013-91/
Plugin Details
Severity: Critical
ID: 69990
File Name: macosx_thunderbird_17_0_9_esr.nasl
Version: 1.8
Type: local
Agent: macosx
Family: MacOS X Local Security Checks
Published: 9/19/2013
Updated: 11/27/2019
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2013-1736
Vulnerability Information
CPE: cpe:/a:mozilla:thunderbird
Required KB Items: MacOSX/Thunderbird/Installed
Exploit Ease: No known exploits are available
Patch Publication Date: 9/17/2013
Vulnerability Publication Date: 9/17/2013
Reference Information
CVE: CVE-2013-1718, CVE-2013-1719, CVE-2013-1725, CVE-2013-1730, CVE-2013-1732, CVE-2013-1735, CVE-2013-1736, CVE-2013-1737