Mozilla Thunderbird < 24.1 Multiple Vulnerabilities
Critical Nessus Plugin ID 70718
SynopsisThe remote Windows host contains a mail client that is potentially affected by multiple vulnerabilities.
DescriptionThe installed version of Thunderbird is earlier than 24.1 and is, therefore, potentially affected the following vulnerabilities:
- The implementation of Network Security Services (NSS) does not ensure that data structures are initialized, which could result in a denial of service or disclosure of sensitive information. (2013-1739)
- Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5590, CVE-2013-5591, CVE-2013-5592)
- Arbitrary HTML content can be put into 'select' elements. This can be used to spoof the displayed address bar, leading to clickjacking and other spoofing attacks. (CVE-2013-5593)
- A race condition exists during image collection on large web pages that could result in a denial of service or arbitrary code execution. (CVE-2013-5596)
- Multiple use-after-free vulnerabilities exist that could result in a denial of service or arbitrary code execution. (CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5603)
- A stack-based buffer overflow in txXPathNodeUtils::getBaseURI is possible due to uninitialized data during XSLT processing.
SolutionUpgrade to Thunderbird 24.1 or later.