SynopsisThe remote Windows host contains a mail client that is affected by multiple vulnerabilities.
DescriptionThe version of Thunderbird installed on the remote Windows host is prior to 31.6. It is, therefore, affected by the following vulnerabilities :
- A privilege escalation vulnerability exists which relates to anchor navigation. A remote attacker can exploit this to bypass same-origin policy protections, allowing a possible execution of arbitrary scripts in a privileged context. (CVE-2015-0801)
- A cross-site request forgery (XSRF) vulnerability exists in the sendBeacon() function due to cross-origin resource sharing (CORS) requests following 30x redirections. (CVE-2015-0807)
- Multiple memory safety issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and possibly execute arbitrary code.
SolutionUpgrade to Thunderbird 31.6 or later.