Mozilla Thunderbird Memory Corruption Vulnerabilities July-09 (Linux) Network Vulnerability

Summary

The host is installed with Thunderbird and is prone to Remote Code Execution vulnerabilities.

Impact

Successful exploitation could allow remote attacker to execute arbitrary code, memory corruption, and results in Denial of Service condition. Impact Level:System/Application

Solution

Upgrade to Mozilla Thunderbird version 3 or later, For updates refer to http://www.mozilla.com/

Insight

The flaws are due to error in browser engine which can be exlpoited via some of the known vectors and unspecified vectors.

Affected

Mozilla Thunderbird version 2.0.0.22 and prior on Linux.

References

http://secunia.com/advisories/35914
http://www.mozilla.org/security/announce/2009/mfsa2009-34.html
http://www.vupen.com/english/advisories/2009/1972

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

BitDefender 'pdf.xmd' Module PDF Parsing Remote DoS Vulnerability
Adobe Flash Media Server Multiple Denial of Service Vulnerabilities
Apple Safari Multiple Vulnerabilities June-09 (Win) - II
ClamAV Denial of Service Vulnerability (Linux)
Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Windows)

Take action and discover your vulnerabilities