Summary
This host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to conduct cross-site scripting attacks, bypass certain security restrictions, disclose potentially sensitive information, and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to Mozilla Thunderbird version 24.2 or later, For updates refer to http://www.mozilla.com/en-US/thunderbird
Insight
Multiple flaws are due to,
- Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function.
- JavaScript implementation does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs.
- Use-after-free vulnerability in the nsEventListenerManager::HandleEvent SubType function
- unspecified error in nsGfxScrollFrameInner::IsLTR function.
- Flaw is due to the program ignoring the setting to remove the trust for extended validation (EV) capable root certificates.
Affected
Mozilla Thunderbird version before 24.2 on Mac OS X
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2013-5609, CVE-2013-5613, CVE-2013-5615, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-6673 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities