Detections
Analytics
Mozilla Thunderbird < 24.3 Multiple Vulnerabilities
medium Nessus Network Monitor Plugin ID 8100
Synopsis
The remote host has an email client installed that is vulnerable to multiple attack vectors.Description
Versions of Mozilla Thunderbird prior to 24.3 are prone to the following vulnerabilities :- Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2014-1477, CVE-2014-1478)
- An error exists related to System Only Wrappers (SOW) and the XML Binding Language (XBL) that could allow XUL content to be disclosed. (CVE-2014-1479)
- An error exists related to the JavaScript engine and 'window' object handling that has unspecified impact. (CVE-2014-1481)
- An error exists related to 'RasterImage' and image decoding that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1482)
- A use-after-free error exists related to image handling and 'imgRequestProxy' that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1486)
- An error exists related to 'web workers' that could allow cross-origin information disclosure. (CVE-2014-1487)
- Errors exist related to the included Network Security Services (NSS) libraries, 'NewSessionTicket' handshakes and public Diffie-Hellman values that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1490, CVE-2014-1491)
Solution
Upgrade to Thunderbird 24.3, or later.See Also
http://www.mozilla.org/security/announce/2014/mfsa2014-13.html
http://www.mozilla.org/security/announce/2014/mfsa2014-08.html
http://www.mozilla.org/security/announce/2014/mfsa2014-01.html
http://www.mozilla.org/security/announce/2014/mfsa2014-02.html
http://www.mozilla.org/security/announce/2014/mfsa2014-04.html
http://www.mozilla.org/security/announce/2014/mfsa2014-09.html
http://www.mozilla.org/security/announce/2014/mfsa2014-12.html
Plugin Details
Severity: Medium
ID: 8100
Family: SMTP Clients
Published: 2/5/2014
Updated: 3/6/2019
Nessus ID: 72331
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Medium
Base Score: 5.6
Temporal Score: 5.4
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:mozilla:thunderbird
Patch Publication Date: 2/4/2014
Vulnerability Publication Date: 2/4/2014
Reference Information
CVE: CVE-2014-1477, CVE-2014-1478, CVE-2014-1479, CVE-2014-1481, CVE-2014-1482, CVE-2014-1486, CVE-2014-1487, CVE-2014-1490, CVE-2014-1491
BID: 65332, 65335, 65316, 65317, 65320, 65321, 65322, 65324, 65326, 65328, 65329, 65330, 65331, 65334