Summary
Mozilla Thunderbird is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code, cause a denial of service, spoof the address bar, conduct clickjacking attacks and conduct buffer overflow attacks.
Impact Level: System/Application.
Solution
Upgrade to Mozilla Thunderbird version 24.1 or later. For updates, refer to http://www.mozilla.com/en-US/thunderbird
Insight
Multiple flaws are due to:
- Use-after-free vulnerability in the 'nsContentUtils::ContentIsHostIncludingDescendantOf' function.
- Improper data initialization in the 'txXPathNodeUtils::getBaseURI' function.
- An error in the 'Worker::SetEventListener' function in the Web workers implementation.
- Use-after-free vulnerability in the 'nsEventListenerManager::SetEventHandler' function.
- Use-after-free vulnerability in the 'nsIOService::NewChannelFromURIWithProxyFlags' function.
- Use-after-free vulnerability in the 'nsIPresShell::GetPresContext' function.
- Use-after-free vulnerability in the 'nsDocLoader::doStopDocumentLoad' function.
- Multiple unspecified vulnerabilities in the browser engine.
- Improper restriction of the nature or placement of HTML within a dropdown menu.
- Improper memory allocation for unspecified functions by the JavaScript engine.
- Improper determination of the thread for release of an image object.
Affected
Mozilla Thunderbird before version 24.1 on Windows
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
References
Severity
Classification
CVE: CVE-2013-5590, CVE-2013-5591, CVE-2013-5593, CVE-2013-5595, CVE-2013-5596, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5603, CVE-2013-5604
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C