The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2460-1 advisory.

    Christian Holler and Patrick McManus discovered multiple memory safety issues in Thunderbird. If a user     were tricked in to opening a specially crafted message with scripting enabled, an attacker could     potentially exploit these to cause a denial of service via application crash, or execute arbitrary code     with the privileges of the user invoking Thunderbird. (CVE-2014-8634)

    Muneaki Nishimura discovered that requests from navigator.sendBeacon() lack an origin header. If a user     were tricked in to opening a specially crafted message with scripting enabled, an attacker could     potentially exploit this to conduct cross-site request forgery (XSRF) attacks. (CVE-2014-8638)

    Xiaofeng Zheng discovered that a web proxy returning a 407 response could inject cookies in to the     originally requested domain. If a user connected to a malicious web proxy, an attacker could potentially     exploit this to conduct session-fixation attacks. (CVE-2014-8639)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 14.04 LTS : Thunderbird vulnerabilities (USN-2460-1)

high Nessus Plugin ID 80851

Version 1.16