This host is installed with Mozilla Thunderbird ESR prone to multiple vulnerabilities.

Successful exploitation could allow attackers to inject scripts, bypass certain security restrictions, execute arbitrary code in the context of the browser. Impact Level: System/Application

Upgrade to Thunderbird ESR 10.0.11 or later, http://www.mozilla.org/en-US/thunderbird

- The 'location' property can be accessed through 'top.location' with a frame whose name attributes value is set to 'top'. - Use-after-free error exists within the functions 'nsTextEditorState::PrepareEditor', 'gfxFont::GetFontEntry', 'nsWindow::OnExposeEvent' and 'nsPlaintextEditor::FireClipboardEvent'. - An error within the 'evalInSandbox()' when handling the 'location.href' property. - Error when rendering GIF images.

Thunderbird ESR version 10.x before 10.0.11 on Windows

• http://secunia.com/advisories/51358
• http://securitytracker.com/id?1027791
• http://securitytracker.com/id?1027792
• http://www.mozilla.org/security/announce/2012/mfsa2012-91.html
• http://www.mozilla.org/security/announce/2012/mfsa2012-92.html
• http://www.mozilla.org/security/announce/2012/mfsa2012-93.html
• http://www.mozilla.org/security/announce/2012/mfsa2012-100.html
• http://www.mozilla.org/security/announce/2012/mfsa2012-101.html
• http://www.mozilla.org/security/announce/2012/mfsa2012-103.html
• http://www.mozilla.org/security/announce/2012/mfsa2012-105.html
• http://www.mozilla.org/security/announce/2012/mfsa2012-106.html
• http://www.osvdb.org/87581

---

Updated on 2015-03-25