Summary
The host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code, obtain potentially sensitive information, gain escalated privileges, bypass security restrictions, perform unauthorized actions and other attacks may also be possible.
Solution
Upgrade to version 17.0.8 or later,
For updates refer to http://www.mozilla.org/en-US/thunderbird
Insight
Multiple flaws due to,
- Error in crypto.generateCRMFRequest function.
- Does not properly restrict local-filesystem access by Java applets.
- Multiple Unspecified vulnerabilities in the browser engine.
- Multiple untrusted search path vulnerabilities updater.exe.
- Web Workers implementation is not properly restrict XMLHttpRequest calls.
- Usage of incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy.
- Improper handling of interaction between FRAME elements and history.
- Stack-based buffer overflow in Mozilla Updater and maintenanceservice.exe.
Affected
Mozilla Thunderbird before 17.0.8 on Windows
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2013-1701, CVE-2013-1706, CVE-2013-1707, CVE-2013-1709, CVE-2013-1710, CVE-2013-1712, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities