Summary
This host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to inject scripts and bypass certain security restrictions.
Impact Level: Application
Solution
Upgrade to Thunderbird version to 16.0.2 or later, http://www.mozilla.org/en-US/thunderbird
Insight
Multiple errors
- When handling the 'window.location' object.
- Within CheckURL() function of the 'window.location' object, which can be forced to return the wrong calling document and principal.
- Within handling of 'Location' object can be exploited to bypass security wrapper protection.
Affected
Thunderbird version before 16.0.2 on Mac OS X
References
Severity
Classification
-
CVE CVE-2012-4194, CVE-2012-4195, CVE-2012-4196 -
CVSS Base Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Flash Player Unspecified Cross-Site Scripting Vulnerability June-2011 (Linux)
- Apple iTunes Multiple Vulnerabilities - Apr10
- Adobe Reader Information Disclosure Vulnerability Jun05 (Windows)
- Adobe Reader Multiple Vulnerabilities - Aug07 (Linux)
- AVG Anti-Virus 'hcp://' Protocol Handler Remote Code Execution Vulnerability