Summary
The host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers to conduct cross-site scripting, clickjacking attacks or cause a denial of service or possibly execute arbitrary code.
Impact Level: System/Application
Solution
Upgrade to Thunderbird version 16.0 or later,
For updates refer to http://www.mozilla.org/en-US/thunderbird
Insight
The flaws are due to
- An error while handling navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks.
- An invalid cast when using the instance of operator on certain types of JavaScript objects.
- An error when implementing the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set.
Affected
Thunderbird versions before 16.0 on Mac OS X
References
Severity
Classification
-
CVE CVE-2012-3984, CVE-2012-3985, CVE-2012-3989, CVE-2012-5354 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Windows)
- Adobe Acrobat Remote Code Execution Vulnerability(Win)
- Adobe AIR Multiple Vulnerabilities -01 Feb13 (Windows)
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Windows)
- Aastra IP Telephone Hardcoded Telnet Password Security Bypass Vulnerability