Summary
This host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to conduct cross-site scripting attacks, bypass certain security restrictions, disclose potentially sensitive information, and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to Mozilla Thunderbird version 24.2 or later, For updates refer to http://www.mozilla.com/en-US/thunderbird
Insight
Multiple flaws are due to,
- Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function.
- JavaScript implementation does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs.
- Use-after-free vulnerability in the nsEventListenerManager::HandleEvent SubType function
- unspecified error in nsGfxScrollFrameInner::IsLTR function.
- Flaw is due to the program ignoring the setting to remove the trust for extended validation (EV) capable root certificates.
Affected
Mozilla Thunderbird version before 24.2 on Windows
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2013-5609, CVE-2013-5613, CVE-2013-5615, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-6673 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
- 3S CoDeSys CmpWebServer Multiple Vulnerabilities
- Aastra IP Telephone Hardcoded Telnet Password Security Bypass Vulnerability
- Adobe AIR Multiple Vulnerabilities-01 Jan15 (Windows)
- Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Mac OS X)