Summary
This host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code, cause a denial of service, spoof the address bar, conduct clickjacking attacks and conduct buffer overflow attacks.
Impact Level: System/Application.
Solution
Upgrade to Mozilla Thunderbird version 24.1 or later, For updates refer to http://www.mozilla.com/en-US/thunderbird
Insight
Multiple flaws due to,
- Use-after-free vulnerability in the
'nsContentUtils::ContentIsHostIncludingDescendantOf' function.
- Improper data initialization in the 'txXPathNodeUtils::getBaseURI' function.
- An error in 'Worker::SetEventListener' function in the Web workers implementation.
- Use-after-free vulnerability in the 'nsEventListenerManager::SetEventHandler' function.
- Use-after-free vulnerability in 'nsIOService::NewChannelFromURIWithProxyFlags' function.
- Use-after-free vulnerability in the 'nsIPresShell::GetPresContext' function.
- Use-after-free vulnerability in 'nsDocLoader::doStopDocumentLoad' function.
- Multiple unspecified vulnerabilities in the browser engine.
- Improper restriction of the nature or placement of HTML within dropdown menu.
- Improper memory allocation for unspecified functions by JavaScript engine.
- Improper determination of the thread for release of an image object.
Affected
Mozilla Thunderbird before version 24.1 on Mac OS X
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2013-5590, CVE-2013-5591, CVE-2013-5593, CVE-2013-5595, CVE-2013-5596, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5603, CVE-2013-5604 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities