Summary
This host is installed with Mozilla Thunderbird ESR and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code, memory corruption, bypass certain security restrictions and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to Mozilla Thunderbird ESR version 17.0.6 or later, For updates refer to http://www.mozilla.com/en-US/thunderbird
Insight
- Unspecified vulnerabilities in the browser engine.
- The Chrome Object Wrapper (COW) implementation does not prevent acquisition of chrome privileges.
- 'nsDOMSVGZoomEvent::mPreviousScale' and 'nsDOMSVGZoomEvent::mNewScale' functions do not initialize data structures.
- Errors in 'SelectionIterator::GetNextSegment',
'gfxSkipCharsIterator::SetOffsets' and '_cairo_xlib_surface_add_glyph' functions.
- Use-after-free vulnerabilities in following functions, 'nsContentUtils::RemoveScriptBlocker', 'nsFrameList::FirstChild', and 'mozilla::plugins::child::_geturlnotify'.
Affected
Mozilla Thunderbird ESR version 17.x before 17.0.6 on Windows
References
Severity
Classification
-
CVE CVE-2013-0801, CVE-2013-1670, CVE-2013-1672, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities