Summary
This host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to bypass certain security restrictions and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to Mozilla Thunderbird version 31.0 or later, For updates refer to http://www.mozilla.com/en-US/thunderbird
Insight
Multiple flaws are due to,
- An error when buffering Web Audio for playback.
- A use-after-free error related to ordering of control messages for Web Audio.
- A use-after-free error in DirectWrite when rendering MathML.
- A use-after-free error when handling the FireOnStateChange event.
- An unspecified error when using the Cesium JavaScript library to generate WebGL content.
- The application bundles a vulnerable version of the Network Security Services (NSS) library.
and Some unspecified errors.
Affected
Mozilla Thunderbird version before 31.0 on Windows
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-1544, CVE-2014-1547, CVE-2014-1548, CVE-2014-1549, CVE-2014-1550, CVE-2014-1551, CVE-2014-1552, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557, CVE-2014-1558, CVE-2014-1559, CVE-2014-1560 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Air Code Execution and DoS Vulnerabilities (MAC OS X)
- Adobe Acrobat and Reader 'printSeps()' Function Heap Corruption Vulnerability
- Adobe AIR Multiple Vulnerabilities -02 April 13 (Mac OS X)
- Adobe Dreamweaver Insecure Library Loading Vulnerability
- Adobe AIR Multiple Vulnerabilities-01 Sep13 (Mac OS X)