Mozilla Thunderbird < 31.5 Multiple Vulnerabilities (Mac OS X)

High Nessus Plugin ID 81519


The remote Mac OS X host contains a mail client that is affected by multiple vulnerabilities.


The version of Thunderbird installed on the remote Mac OS X host is prior to 31.5. It is, therefore, affected by the following vulnerabilities :

- An information disclosure vulnerability exists related to the autocomplete feature that allows an attacker to read arbitrary files. (CVE-2015-0822)

- An out-of-bounds read and write issue exists when processing invalid SVG graphic files. This allows an attacker to disclose sensitive information.

- A use-after-free issue exists when running specific web content with 'IndexedDB' to create an index, resulting in a denial of service condition or arbitrary code execution. (CVE-2015-0831)

- Multiple unspecified memory safety issues exist within the browser engine. (CVE-2015-0835, CVE-2015-0836)


Upgrade to Thunderbird 31.5 or later.

See Also

Plugin Details

Severity: High

ID: 81519

File Name: macosx_thunderbird_31_5.nasl

Version: $Revision: 1.6 $

Type: local

Agent: macosx

Published: 2015/02/25

Modified: 2016/05/17

Dependencies: 56557

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:thunderbird

Required KB Items: MacOSX/Thunderbird/Installed

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/02/24

Vulnerability Publication Date: 2015/02/24

Reference Information

CVE: CVE-2015-0822, CVE-2015-0827, CVE-2015-0831, CVE-2015-0835, CVE-2015-0836

BID: 72742, 72746, 72748, 72755, 72756

OSVDB: 118696, 118699, 118704, 118707, 118709, 118710, 118711, 118712, 118713, 118714, 118715, 118716, 118717, 118718, 118719, 118720, 118721, 118722, 118723, 118724, 118725, 118726, 118727