Summary
This host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to conduct spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to Mozilla Thunderbird version 24.4 or later, For updates refer to http://www.mozilla.com/en-US/thunderbird
Insight
Multiple flaws are due to,
- Local users can gain privileges by modifying the extracted Mar contents during an update.
- A boundary error when decoding WAV audio files.
- An error when performing polygon rendering in MathML.
- The session-restore feature does not consider the Content Security Policy of a data URL.
- A timing error when processing SVG format images with filters and displacements.
- A use-after-free error when handling garbage collection of TypeObjects under memory pressure.
- An error within the TypedArrayObject implementation when handling neutered ArrayBuffer objects.
- And some unspecified errors exist.
Affected
Mozilla Thunderbird version before 24.4 on Mac OS X
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-1493, CVE-2014-1496, CVE-2014-1497, CVE-2014-1505, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Air Multiple Vulnerabilities -01 May 13 (Windows)
- Adobe Extension Manager CS5 Insecure Library Loading Vulnerability (Win)
- Adobe AIR Multiple Vulnerabilities -01 Feb13 (Windows)
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Windows)
- Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Windows)