Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mozilla Thunderbird < 38.1 Multiple Vulnerabilities (Logjam)

Critical

Synopsis

The remote host has an email client installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Thunderbird prior to 38.1 are outdated and thus unpatched for the following vulnerabilities :

- A security downgrade vulnerability exists due to a flaw in Network Security Services (NSS). When a client allows for a ECDHE_ECDSA exchange, but the server does not send a ServerKeyExchange message, then the NSS client will take the EC key from the ECDSA certificate. A remote attacker can exploit this to silently downgrade the exchange to a non-forward secret mixed-ECDH exchange. (CVE-2015-2721) - Multiple memory corruption issues exist that allow an attacker to cause a denial of service condition or potentially execute arbitrary code. (CVE-2015-2724, CVE-2015-2725) - A use-after-free error exists in the 'CSPService::ShouldLoad()' function when modifying the Document Object Model to remove a DOM object. An attacker can exploit this to dereference already freed memory, potentially resulting in the execution of arbitrary code. (CVE-2015-2731) - An uninitialized memory use issue exists in the 'CairoTextureClientD3D9::BorrowDrawTarget()' function, the '::d3d11::SetBufferData()' function, and the 'YCbCrImageDataDeserializer::ToDataSourceSurface()' function. The impact is unspecified. (CVE-2015-2734, CVE-2015-2737, CVE-2015-2738) - A memory corruption issue exists in the 'nsZipArchive::GetDataOffset()' function due to improper string length checks. An attacker can exploit this, via a crafted ZIP archive, to potentially execute arbitrary code. (CVE-2015-2735) - A memory corruption issue exists in the 'nsZipArchive::BuildFileList()' function due to improper validation of user-supplied input. An attacker can exploit this, via a crafted ZIP archive, to potentially execute arbitrary code. (CVE-2015-2736) - An unspecified memory corruption issue exists in the 'ArrayBufferBuilder::append()' function due to improper validation of user-supplied input. An attacker can exploit this to potentially execute arbitrary code. (CVE-2015-2739) - A buffer overflow condition exists in the 'nsXMLHttpRequest::AppendToResponseText()' function due to improper validation of user-supplied input. An attacker can exploit this to potentially execute arbitrary code. (CVE-2015-2740) - A security bypass vulnerability exists due to a flaw in certificate pinning checks. Key pinning is not enforced upon encountering an X.509 certificate problem that generates a user dialog. A man-in-the-middle attacker can exploit this to bypass intended access restrictions. (CVE-2015-2741) - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)

Solution

Upgrade to Thunderbird 38.1 or later.