Mozilla Thunderbird Multiple Vulnerabilities-01 (Mac OS X)

Summary
The host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers to conduct cross site scripting attacks, cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unspecified vectors. Impact Level:System/Application
Solution
Upgrade to Thunderbird version to 16.0 or later, http://www.mozilla.org/en-US/thunderbird
Insight
The flaws are due to - memory corruption issues - An error within Chrome Object Wrapper (COW) when handling the 'InstallTrigger' object can be exploited to access certain privileged functions and properties. - Use-after-free in the IME State Manager code. - combination of invoking full screen mode and navigating backwards in history could, in some circumstances, cause a hang or crash due to a timing dependent use-after-free pointer reference. - Several methods of a feature used for testing (DOMWindowUtils) are not protected by existing security checks, allowing these methods to be called through script by web pages. - An error when GetProperty function is invoked through JSAPI, security checking can be bypassed when getting cross-origin properties. - An issue with spoofing of the location property. - Use-after-free, buffer overflow, and out of bounds read issues. - The location property can be accessed by binary plugins through top.location and top can be shadowed by Object.define Property as well. This can allow for possible XSS attacks through plugins. - several memory safety bugs in the browser engine used in mozilla products.
Affected
Thunderbird versions before 16.0 on Mac OS X
References