Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mozilla Thunderbird < 31.6 Multiple Vulnerabilities



The remote host has an email client installed that is vulnerable to multiple attack vectors.


Versions of Mozilla Thunderbird prior to 31.6 are prone to the following vulnerabilities :

- A privilege escalation vulnerability exists which relates to anchor navigation. A remote attacker can exploit this to bypass same-origin policy protections, allowing a possible execution of arbitrary scripts in a privileged context. (CVE-2015-0801) - A cross-site request forgery (XSRF) vulnerability exists in the 'sendBeacon()' function due to cross-origin resource sharing (CORS) requests following 30x redirections. (CVE-2015-0807) - A use-after-free vulnerability affects the 'AppendElements()' function when the Fluendo MP3 plugin for GStreamer is used. A remote attacker could exploit this to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted MP3 file. (CVE-2015-0813) - Multiple memory safety issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and possibly execute arbitrary code. (CVE-2015-0814, CVE-2015-0815) - A privilege escalation vulnerability exists related to documents loaded through a 'resource:' URL. An attacker can exploit this to load pages and execute JavaScript with elevated privileges. (CVE-2015-0816)


Upgrade to Thunderbird 31.6, or later.