Thunderbird < 24.4 Multiple Vulnerabilities (Mac OS X)

high Nessus Plugin ID 73097

Synopsis

The remote Mac OS X host contains a mail client that is potentially affected by multiple vulnerabilities.

Description

The installed version of Thunderbird is a version prior to version 24.4. It is, therefore, potentially affected by the following vulnerabilities :

- Memory issues exist that could lead to arbitrary code execution. (CVE-2014-1493, CVE-2014-1494)

- An issue exists where extracted files for updates are not read-only while updating. An attacker may be able to modify these extracted files resulting in privilege escalation. (CVE-2014-1496)

- An out-of-bounds read error exists when decoding WAV format audio files that could lead to a denial of service attack or information disclosure.
(CVE-2014-1497)

- An out-of-bounds read error exists when polygons are rendered in 'MathML' that could lead to information disclosure. (CVE-2014-1508)

- A memory corruption issue exists in the Cairo graphics library when rendering a PDF file that could lead to arbitrary code execution or a denial of service attack.
(CVE-2014-1509)

- An issue exists in the SVG filters and the feDisplacementMap element that could lead to information disclosure via timing attacks.
(CVE-2014-1505)

- An issue exists that could allow malicious websites to load chrome-privileged pages when JavaScript implemented WebIDL calls the 'window.open()' function, which could result in arbitrary code execution.
(CVE-2014-1510)

- An issue exists that could allow a malicious website to bypass the pop-up blocker. (CVE-2014-1511)

- A use-after-free memory issue exists in 'TypeObjects' in the JavaScript engine during Garbage Collection that could lead to arbitrary code execution.
(CVE-2014-1512)

- An out-of-bounds write error exists due to 'TypedArrayObject' improperly handling 'ArrayBuffer' objects that could result in arbitrary code execution.
(CVE-2014-1513)

- An out-of-bounds write error exists when copying values from one array to another that could result in arbitrary code execution. (CVE-2014-1514)

Solution

Upgrade to Thunderbird 24.4 or later.

See Also

http://www.securityfocus.com/archive/1/531617/30/0/threaded

https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-18/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-19/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-26/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-27/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-28/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-29/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-30/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-31/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-32/

Plugin Details

Severity: High

ID: 73097

File Name: macosx_thunderbird_24_4.nasl

Version: 1.15

Type: local

Agent: macosx

Published: 3/19/2014

Updated: 7/14/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:mozilla:thunderbird

Required KB Items: MacOSX/Thunderbird/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/18/2014

Vulnerability Publication Date: 3/18/2014

Exploitable With

Metasploit (Firefox WebIDL Privileged Javascript Injection)

Reference Information

CVE: CVE-2014-1493, CVE-2014-1494, CVE-2014-1496, CVE-2014-1497, CVE-2014-1505, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514

BID: 66203, 66206, 66207, 66209, 66240, 66412, 66416, 66418, 66419, 66423, 66425, 66426