Summary
The host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities.
Impact
Successful exploitation allows attackers to conduct cross-site scripting or clickjacking attacks, cause a denial of service, or possibly execute arbitrary code.
Impact Level: System/Application
Solution
Upgrade to Thunderbird version 16.0 or later.
For updates, refer to http://www.mozilla.org/en-US/thunderbird
Insight
The flaws are due to:
- An error while handling navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks.
- An invalid cast when using the instanceof operator on certain types of JavaScript objects.
- An error when implementing the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set.
Affected
Thunderbird versions before 16.0 on Windows
Severity
Classification
CVE: CVE-2012-3984, CVE-2012-3985, CVE-2012-3989, CVE-2012-5354
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C