Summary
This host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to inject scripts, bypass certain security restrictions, execute arbitrary code in the context of the browser.
Impact Level: System/Application
Solution
Upgrade to Thunderbird version to 17.0 or later,
http://www.mozilla.org/en-US/thunderbird
Insight
- The 'location' property can be accessed through 'top.location' with a frame whose name attributes value is set to 'top'.
- Use-after-free error exists within the functions 'nsTextEditorState::PrepareEditor', 'gfxFont::GetFontEntry', 'nsWindow::OnExposeEvent' and 'nsPlaintextEditor::FireClipboardEvent'.
- An error within the 'evalInSandbox()' when handling the 'location.href' property.
- Error when rendering GIF images.
Affected
Thunderbird version before 17.0 on Mac OS X
References
- http://secunia.com/advisories/51358
- http://securitytracker.com/id?1027791
- http://securitytracker.com/id?1027792
- http://www.mozilla.org/security/announce/2012/mfsa2012-91.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-92.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-93.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-100.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-101.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-103.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-105.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-106.html
- http://www.osvdb.org/87581
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Aastra IP Telephone Hardcoded Telnet Password Security Bypass Vulnerability
- Adobe AIR Multiple Vulnerabilities-01 Aug14 (Mac OS X)
- Adobe Flash Player Arbitrary Code Execution Vulnerability (Linux)
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Mac OS X)
- Adobe AIR Security Bypass Vulnerability Jan14 (Mac OS X)