
Mozilla Thunderbird < 31.2 Multiple Vulnerabilities



The remote host has an email client installed that is vulnerable to multiple attack vectors.


Versions of Mozilla Thunderbird prior to 31.2 are prone to the following vulnerabilities:

- Buffer overflow vulnerability exists when capitalization style changes occur during CSS parsing. (CVE-2014-1576)
- Out-of-bounds read error exists in the Web Audio component when invalid values are used in custom waveforms, which can lead to a denial of service or information disclosure. (CVE-2014-1577)
- Out-of-bounds write error when processing invalid tile sizes in 'WebM' format videos can be leveraged for arbitrary code execution. (CVE-2014-1578)
- Use-after-free error in the 'DirectionalityUtils' component when text direction is used in the text layout can be leveraged for arbitrary code execution. (CVE-2014-1581)
- Multiple security bypass vulnerabilities exist in the implementation of Public Key Pinning (PKP); one issue can be triggered via SPDY's or HTTP/2's connection-coalescing property in the case of a shared IP address, and another issue is exposed by an unspecified issuer-verification error. Both scenarios can be leveraged for man-in-the-middle attacks. Note that key pinning was introduced in Firefox 32. (CVE-2014-1582, CVE-2014-1584)
- Multiple memory safety flaws exist within the browser engine, which can likely be leveraged for denial of service or arbitrary code execution. (CVE-2014-1574, CVE-2014-1575)


Upgrade to Thunderbird 31.2 or later.