SynopsisThe remote Windows host contains a mail client that is affected by multiple vulnerabilities.
DescriptionThe version of Thunderbird 24.x installed on the remote host is a version prior to 24.8. It is, therefore, affected by the following vulnerabilities :
- Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1562)
- A use-after-free vulnerability exists due to improper handling of text layout in directionality resolution.
A remote attacker can exploit this to execute arbitrary code. (CVE-2014-1567)
SolutionUpgrade to Thunderbird 24.8 or later.