Mozilla Thunderbird ESR Multiple Vulnerabilities - November12 (Mac OS X) Network Vulnerability

Summary

This host is installed with Mozilla Thunderbird ESR and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow attackers to inject scripts and bypass certain security restrictions. Impact Level: Application

Solution

Upgrade to Thunderbird ESR 10.0.10 or later, http://www.mozilla.org/en-US/thunderbird

Insight

Multiple errors - When handling the 'window.location' object. - Within CheckURL() function of the 'window.location' object, which can be forced to return the wrong calling document and principal. - Within handling of 'Location' object can be exploited to bypass security wrapper protection.

Affected

Thunderbird ESR version 10.x before 10.0.10 on Mac OS X

References

http://secunia.com/advisories/51144
http://securitytracker.com/id/1027703
http://www.mozilla.org/security/announce/2012/mfsa2012-90.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-4194, CVE-2012-4195, CVE-2012-4196

CVSS	Base Score: 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Brother HL-5370DW Printer 'post/panel.html' Security Bypass Vulnerability
Adobe Reader Multiple Vulnerabilities - Aug07 (Windows)
Adobe Products Unspecified Cross-Site Scripting Vulnerability June-2011 (Windows)
Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Linux)
Apple Safari Webkit Multiple Vulnerabilities - June13 (Mac OS X)

Take action and discover your vulnerabilities