Mozilla Thunderbird ESR Security Bypass Vulnerabilities - Oct 12 (Windows)

Summary
The host is installed with Mozilla Thunderbird ESR and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site. Impact Level: Application
Solution
Upgrade to Thunderbird ESR version 10.0.9 or later, For updates refer to http://www.mozilla.org/en-US/thunderbird
Insight
Security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object.
Affected
Thunderbird ESR versions 10.x before 10.0.9 on Windows
References