Summary
The host is installed with Mozilla Thunderbird ESR and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site.
Impact Level: Application
Solution
Upgrade to Thunderbird ESR version 10.0.9 or later, For updates refer to http://www.mozilla.org/en-US/thunderbird
Insight
Security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object.
Affected
Thunderbird ESR versions 10.x before 10.0.9 on Windows
References
Severity
Classification
-
CVE CVE-2012-4192, CVE-2012-4193 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities