Summary
This host is installed with Mozilla
Thunderbird and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers
disclose potentially sensitive information, compromise a user's system and have other unknown impacts.
Impact Level: System/Application
Solution
Upgrade to Mozilla Thunderbird version
31.3 or later, For updates refer https://www.mozilla.org/en-US/thunderbird
Insight
Multiple flaws exist due to,
- A bad cast issue from the BasicThebesLayer to BasicContainerLayer.
- An error when parsing media content within the 'mozilla::FileBlockCache::Read' function.
- A use-after-free error when parsing certain HTML within the 'nsHtml5TreeOperation' class.
- An error that is triggered when handling JavaScript objects that are passed to XMLHttpRequest that mimics an input stream.
- Multiple unspecified errors.
Affected
Mozilla Thunderbird before version 31.3
on Windows
Detection
Get the installed version with the
help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593, CVE-2014-1594 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Mac OS X)
- Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
- Apple Safari 'Webkit' Information Disclosure Vulnerability (Win)
- Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Windows)
- Apple Mac OS X Multiple Vulnerabilities - 02 Jan14