Summary
This host is installed with Mozilla Thunderbird ESR and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code, cause a denial of service and conduct buffer overflow attacks.
Impact Level: System/Application
Solution
Upgrade to Mozilla Thunderbird ESR version 17.0.10 or later, For updates refer to http://www.mozilla.com/en-US/thunderbird
Insight
Multiple flaws due to,
- Improper data initialization in the 'txXPathNodeUtils::getBaseURI' function.
- An error in 'Worker::SetEventListener' function in the Web workers implementation.
- Use-after-free vulnerability in the 'nsEventListenerManager::SetEventHandler' function.
- Use-after-free vulnerability in 'nsIOService::NewChannelFromURIWithProxyFlags' function.
- Use-after-free vulnerability in the 'nsIPresShell::GetPresContext' function.
- Use-after-free vulnerability in the 'nsDocLoader::doStopDocumentLoad' function.
- Multiple unspecified vulnerabilities in the browser engine.
- Improper memory allocation for unspecified functions by JavaScript engine.
Affected
Mozilla Thunderbird ESR version 17.x before 17.0.10 on Windows
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2013-5590, CVE-2013-5595, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5604 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Linux)
- Adobe Acrobat Multiple Vulnerabilities-01 Sep14 (Mac OS X)
- Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Mac OS X)
- Adobe AIR Multiple Vulnerabilities -01 April 13 (Windows)
- Adobe Air Code Execution and DoS Vulnerabilities (MAC OS X)