Summary
This host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to conduct spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to Mozilla Thunderbird version 24.5 or later, For updates refer to http://www.mozilla.com/en-US/thunderbird
Insight
Multiple flaws are due to,
- An error exists when validating the XBL status of an object.
- An error exists when handling site notifications within the Web Notification API.
- An error exists when handling browser navigations through history to load a website.
- A use-after-free error exists when handling an imgLoader object within the 'nsGenericHTMLElement::GetWidthHeightForImage()' function.
- An error exists in NSS.
- A use-after-free error exists when handling host resolution within the 'libxul.so!nsHostResolver::ConditionallyRefreshRecord()' function.
- And some unspecified errors exist.
Affected
Mozilla Thunderbird version before 24.5 on Windows
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-1518, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Air and Flash Player Multiple Vulnerabilities (Mac OS X)
- Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Mac OS X)
- Adobe AIR Multiple Vulnerabilities-01 Jan15 (Mac OS X)
- Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Linux)
- Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Mac OS X)