Summary
This host is installed with Mozilla Thunderbird ESR and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code, memory corruption, bypass certain security restrictions and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to Mozilla Thunderbird ESR version 17.0.6 or later, For updates refer to http://www.mozilla.com/en-US/thunderbird
Insight
- Unspecified vulnerabilities in the browser engine.
- The Chrome Object Wrapper (COW) implementation does not prevent acquisition of chrome privileges.
- 'nsDOMSVGZoomEvent::mPreviousScale' and 'nsDOMSVGZoomEvent::mNewScale' functions do not initialize data structures.
- Errors in 'SelectionIterator::GetNextSegment',
'gfxSkipCharsIterator::SetOffsets' and '_cairo_xlib_surface_add_glyph' functions.
- Use-after-free vulnerabilities in following functions, 'nsContentUtils::RemoveScriptBlocker', 'nsFrameList::FirstChild', and 'mozilla::plugins::child::_geturlnotify'.
Affected
Mozilla Thunderbird ESR version 17.x before 17.0.6 on Mac OS X
References
Severity
Classification
-
CVE CVE-2013-0801, CVE-2013-1670, CVE-2013-1672, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Windows)
- 7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
- Adobe Air Multiple Vulnerabilities -01 May 13 (Mac OS X)
- Adobe AIR Multiple Vulnerabilities-01 Sep14 (Windows)
- Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Mac OS X)