Mozilla Thunderbird < 38.4 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 9151

Synopsis

The remote host has an email client installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Thunderbird prior to 38.4 are outdated and thus unpatched for the following vulnerabilities :

- Multiple memory corruption issues exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these issues, via a specially crafted web page, to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4513, CVE-2015-4514)
- An unspecified use-after-poison flaw exists in the 'sec_asn1d_parse_leaf()' function in Mozilla Network Security Services (NSS) due to improper restriction of access to an unspecified data structure. A remote attacker can exploit this, via crafted OCTET STRING data, to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-7181)
- A heap buffer overflow condition exists in the ASN.1 decoder in Mozilla Network Security Services (NSS) due to improper validation of user-supplied input. A remote attacker can exploit this, via crafted OCTET STRING data, to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-7182)
- An integer overflow condition exists in the 'PL_ARENA_ALLOCATE' macro in the Netscape Portable Runtime (NSPR) due to improper validation of user-supplied input. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-7183)
- A same-origin bypass vulnerability exists due to improper handling of trailing whitespaces in the IP address hostname. A remote attacker can exploit this, by appending whitespace characters to an IP address string, to bypass the same-origin policy and conduct a cross-site scripting attack. (CVE-2015-7188)
- A race condition exists in the 'JPEGEncoder()' function due to improper validation of user-supplied input when handling canvas elements. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-7189)
- A cross-origin resource sharing (CORS) request bypass vulnerability exists due to improper implementation of the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation. A remote attacker can exploit this to perform a simple request instead of a 'preflight' request. (CVE-2015-7193)
- A buffer underflow condition exists in libjar due to improper validation of user-supplied input when handling ZIP archives. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-7194)
- A security bypass vulnerability exists due to improperly controlling the ability of a web worker to create a WebSocket object in the 'WebSocketImpl::Init()' method. A remote attacker can exploit this to bypass intended mixed-content restrictions. (CVE-2015-7197)
- A buffer overflow condition exists in 'TextureStorage11' in ANGLE due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-7198)
- A flaw exists in the 'AddWeightedPathSegLists()' function due to missing return value checks during SVG rendering. A remote attacker can exploit this, via a crafted SVG document, to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-7199)
- A flaw exists in the CryptoKey interface implementation due to missing status checks. A remote attacker can exploit this to make changes to cryptographic keys and execute arbitrary code. (CVE-2015-7200)

Solution

Upgrade to Thunderbird 38.4 or later.

See Also

https://www.mozilla.org/en-US/thunderbird/38.4.0/releasenotes

https://www.mozilla.org/en-US/security/advisories/mfsa2015-116

https://www.mozilla.org/en-US/security/advisories/mfsa2015-122

https://www.mozilla.org/en-US/security/advisories/mfsa2015-123

https://www.mozilla.org/en-US/security/advisories/mfsa2015-127

https://www.mozilla.org/en-US/security/advisories/mfsa2015-128

https://www.mozilla.org/en-US/security/advisories/mfsa2015-131

https://www.mozilla.org/en-US/security/advisories/mfsa2015-132

https://www.mozilla.org/en-US/security/advisories/mfsa2015-133

Plugin Details

Severity: High

ID: 9151

Family: SMTP Clients

Published: 2016/03/17

Modified: 2016/03/17

Dependencies: 5558

Nessus ID: 87110

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.7

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:thunderbird

Patch Publication Date: 2015/11/23

Vulnerability Publication Date: 2015/11/23

Reference Information

CVE: CVE-2015-4513, CVE-2015-4514, CVE-2015-7181, CVE-2015-7182, CVE-2015-7183, CVE-2015-7188, CVE-2015-7189, CVE-2015-7193, CVE-2015-7194, CVE-2015-7197, CVE-2015-7198, CVE-2015-7199, CVE-2015-7200

BID: 77411, 77415, 77416