Mozilla Thunderbird Multiple Vulnerabilities-01 Jan15 (Windows) Network Vulnerability

Summary

This host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow remote attackers to bypass certain security restrictions, and compromise a user's system. Impact Level: System/Application

Solution

Upgrade to Mozilla Thunderbird version 31.4 or later, For updates refer https://www.mozilla.org/en-US/thunderbird

Insight

Multiple flaws exist due to, - An error when handling a '407 Proxy Authentication' response with a 'Set-Cookie' header from a web proxy. - Some unspecified errors. - An error when handling a request from 'navigator.sendBeacon' API interface function.

Affected

Mozilla Thunderbird before version 31.4 on Windows

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://secunia.com/advisories/62253
https://www.mozilla.org/en-US/security/advisories/mfsa2015-01
https://www.mozilla.org/en-US/security/advisories/mfsa2015-03
https://www.mozilla.org/en-US/security/advisories/mfsa2015-04

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-8634, CVE-2014-8638, CVE-2014-8639

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities -01 Feb13 (Mac OS X)
Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Mac OS X)
Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Windows)
Adobe Air Multiple Vulnerabilities June-2012 (Windows)

Take action and discover your vulnerabilities