Mozilla Thunderbird < 17.0.7 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 6894

Synopsis

The remote host has an email client installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Thunderbird prior to 17.0.7 are affected by the following vulnerabilites :

- Various, unspecified memory safety issues exist.(CVE-2013-1682, CVE-2013-1683)
- Heap-use-after-free errors exist related to 'LookupMediaElementURITable', 'nsIDocument::GetRootElement' and 'mozilla::ResetDir'. (CVE-2013-1684, CVE-2013-1685, CVE-2013-1686)
- An error exists related to 'XBL scope', 'System Only Wrappers' (SOW) and chrome-privileged pages that could allow cross-site scripting attacks. (CVE-2013-1687)
- An error exists related to the 'profiler' that could allow arbitrary code execution. (CVE-2013-1688)
- An error related to 'onreadystatechange' and unmapped memory could cause application crashes and allow arbitrary code execution. (CVE-2013-1690)
- The application sends data in the body of XMLHttpRequest (XHR) HEAD requests and could aid in cross-site request forgery attacks. (CVE-2013-1692)
- An error related to the processing of SVG content could allow a timing attack to disclose information across domains. (CVE-2013-1693)
- An error exists related to 'PreserveWrapper' and the 'preserved-wrapper' flag that could cause potentially exploitable application crashes. (CVE-2013-1694) - An error exists related to '&lt;iframe sandbox&gt;' restrictions that could allow a bypass of these restrictions. (CVE-2013-1695)
- The 'X-Frame-Options' header is ignored in certain situations and can aid in click-jacking attacks. (CVE-2013-1696)
- An error exists related to the 'toString' and 'valueOf' methods that could allow 'XrayWrappers' to be bypassed. (CVE-2013-1697)
- An error exists related to the 'getUserMedia' permission dialog that could allow a user to be tricked into giving access to unintended domains. (CVE-2013-1698)
- Homograph domain spoofing protection is incomplete and certain attacks are still possible using Internationalized Domain Names (IDN). (CVE-2013-1699)
- An error exists related to the 'Mozilla Maintenance Service' on Windows that could allow insecure updates. (CVE-2013-1700)

Solution

Upgrade to Thunderbird 17.0.7 or later.

See Also

http://www.mozilla.org/security/announce/2013/mfsa2013-49.html

http://www.mozilla.org/security/announce/2013/mfsa2013-50.html

http://www.mozilla.org/security/announce/2013/mfsa2013-51.html

http://www.mozilla.org/security/announce/2013/mfsa2013-52.html

http://www.mozilla.org/security/announce/2013/mfsa2013-53.html

http://www.mozilla.org/security/announce/2013/mfsa2013-54.html

http://www.mozilla.org/security/announce/2013/mfsa2013-55.html

http://www.mozilla.org/security/announce/2013/mfsa2013-56.html

http://www.mozilla.org/security/announce/2013/mfsa2013-57.html

http://www.mozilla.org/security/announce/2013/mfsa2013-58.html

http://www.mozilla.org/security/announce/2013/mfsa2013-59.html

http://www.mozilla.org/security/announce/2013/mfsa2013-60.html

http://www.mozilla.org/security/announce/2013/mfsa2013-61.html

http://www.mozilla.org/security/announce/2013/mfsa2013-62.html

Plugin Details

Severity: High

ID: 6894

File Name: 6894.prm

Family: SMTP Clients

Published: 2013/06/28

Modified: 2016/03/17

Dependencies: 5558

Nessus ID: 66994

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.7

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:thunderbird

Patch Publication Date: 2013/06/25

Vulnerability Publication Date: 2013/06/25

Exploitable With

Metasploit (Firefox onreadystatechange Event DocumentViewerImpl Use After Free)

Reference Information

CVE: CVE-2013-1682, CVE-2013-1683, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1688, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1695, CVE-2013-1696, CVE-2013-1697, CVE-2013-1698, CVE-2013-1699, CVE-2013-1700

BID: 60765, 60766, 60768, 60773, 60774, 60776, 60777, 60778, 60779, 60783, 60784, 60785, 60787, 60788, 60789, 60790, 60791