Mozilla Thunderbird ESR < 17.0.10 Multiple Vulnerabilities

High Nessus Plugin ID 70717


The remote Windows host contains a mail client that is potentially affected by multiple vulnerabilities.


The installed version of Thunderbird ESR is earlier than 17.0.10 and is, therefore, potentially affected the following vulnerabilities:

- The implementation of Network Security Services (NSS) does not ensure that data structures are initialized, which could result in a denial of service or disclosure of sensitive information. (2013-1739)

- Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5590, CVE-2013-5591, CVE-2013-5592)

- Memory issues exist in the JavaScript engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5595, CVE-2013-5602)

- Multiple use-after-free vulnerabilities exist that could result in a denial of service or arbitrary code execution. (CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601)

- A stack-based buffer overflow in txXPathNodeUtils::getBaseURI is possible due to uninitialized data during XSLT processing.


Upgrade to Thunderbird ESR 17.0.10 or later.

See Also

Plugin Details

Severity: High

ID: 70717

File Name: mozilla_thunderbird_17010_esr.nasl

Version: $Revision: 1.6 $

Type: local

Agent: windows

Family: Windows

Published: 2013/10/31

Modified: 2017/06/09

Dependencies: 20862

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:thunderbird

Required KB Items: Mozilla/Thunderbird/Version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/10/29

Vulnerability Publication Date: 2013/10/29

Reference Information

CVE: CVE-2013-1739, CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-5595, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5604

BID: 62966, 63405, 63415, 63417, 63418, 63421, 63422, 63423, 63424, 63427, 63428, 63430

OSVDB: 98402, 99082, 99083, 99084, 99086, 99087, 99089, 99091, 99092, 99093, 99094