Summary
This host is installed with Mozilla
Thunderbird and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers
disclose potentially sensitive information, compromise a user's system and have other unknown impacts.
Impact Level: System/Application
Solution
Upgrade to Mozilla Thunderbird version
31.3 or later, For updates refer https://www.mozilla.org/en-US/thunderbird
Insight
Multiple flaws exist due to,
- A bad cast issue from the BasicThebesLayer to BasicContainerLayer.
- An error when parsing media content within the 'mozilla::FileBlockCache::Read' function.
- A use-after-free error when parsing certain HTML within the 'nsHtml5TreeOperation' class.
- An error that is triggered when handling JavaScript objects that are passed to XMLHttpRequest that mimics an input stream.
- Multiple unspecified errors.
-- The CoreGraphics framework logging potentially sensitive input data to the /tmp directory.
Affected
Mozilla Thunderbird before version 31.3
on Mac OS X
Detection
Get the installed version with the
help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593, CVE-2014-1594, CVE-2014-1595 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apple iTunes Multiple Vulnerabilities - Apr10
- Adobe Reader Information Disclosure Vulnerability Jun05 (Windows)
- Adobe Reader Multiple Vulnerabilities - Aug07 (Windows)
- Apple iTunes Tutorials Window Security Bypass Vulnerability (Windows)
- Apple Safari Secure Cookie Security Bypass Vulnerability (Windows)