Summary
This host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code, memory corruption, bypass certain security restrictions and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to Mozilla Thunderbird version 17.0.3 or later, For updates refer to http://www.mozilla.com/en-US/thunderbird
Insight
- Error when handling a WebIDL object
- Error in displaying the content of a 407 response of a proxy - Unspecified errors in 'nsSaveAsCharset::DoCharsetConversion()' function, Chrome Object Wrappers (COW) and in System Only Wrappers (SOW).
- Use-after-free error in the below functions
'nsDisplayBoxShadowOuter::Paint()'
'nsPrintEngine::CommonPrint()'
'nsOverflowContinuationTracker::Finish()'
'nsImageLoadingContent::OnStopContainer()'
- Out-of-bound read error in below functions
'ClusterIterator::NextCluster()'
'nsCodingStateMachine::NextState()'
'mozilla::image::RasterImage::DrawFrameTo()', when rendering GIF images.
Affected
Mozilla Thunderbird version before 17.0.3 on Windows
References
Severity
Classification
-
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player Arbitrary Code Execution Vulnerability (Linux)
- Adobe AIR Multiple Vulnerabilities-01 Jun14 (Mac OS X)
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
- Adobe Acrobat Multiple Unspecified Vulnerabilities - Mac OS X
- Adobe AIR Multiple Vulnerabilities-01 Dec13 (Mac OS X)