Summary
This host is installed with Mozilla Thunderbird ESR and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code, cause a denial of service and conduct buffer overflow attacks.
Impact Level: System/Application
Solution
Upgrade to Mozilla Thunderbird ESR version 17.0.10 or later, For updates refer to http://www.mozilla.com/en-US/thunderbird
Insight
Multiple flaws due to,
- Improper data initialization in the 'txXPathNodeUtils::getBaseURI' function.
- An error in 'Worker::SetEventListener' function in the Web workers implementation.
- Use-after-free vulnerability in the
'nsEventListenerManager::SetEventHandler' function.
- Use-after-free vulnerability in 'nsIOService::NewChannelFromURIWithProxyFlags' function.
- Use-after-free vulnerability in the 'nsIPresShell::GetPresContext' function.
- Use-after-free vulnerability in 'nsDocLoader::doStopDocumentLoad' function.
- Multiple unspecified vulnerabilities in the browser engine.
- Improper memory allocation for unspecified functions by JavaScript engine.
Affected
Mozilla Thunderbird ESR version 17.x before 17.0.10 on Mac OS X
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2013-5590, CVE-2013-5595, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5604 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities