Summary
This host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to inject scripts, bypass certain security restrictions, execute arbitrary code in the context of the browser.
Impact Level: System/Application
Solution
Upgrade to Thunderbird version to 17.0 or later,
http://www.mozilla.org/en-US/thunderbird
Insight
- The 'location' property can be accessed through 'top.location' with a frame whose name attributes value is set to 'top'.
- Use-after-free error exists within the functions 'nsTextEditorState::PrepareEditor', 'gfxFont::GetFontEntry', 'nsWindow::OnExposeEvent' and 'nsPlaintextEditor::FireClipboardEvent'.
- An error within the 'evalInSandbox()' when handling the 'location.href' property.
- Error when rendering GIF images.
Affected
Thunderbird version before 17.0 on Windows
References
- http://secunia.com/advisories/51358
- http://securitytracker.com/id?1027791
- http://securitytracker.com/id?1027792
- http://www.mozilla.org/security/announce/2012/mfsa2012-91.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-92.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-93.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-100.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-101.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-103.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-105.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-106.html
- http://www.osvdb.org/87581
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities