Summary
This host is installed with Mozilla
Thunderbird and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers
disclose potentially sensitive information, bypass certain security restrictions, conduct denial-of-service attack and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to Mozilla Thunderbird version
31.2 or later, For updates refer https://www.mozilla.org/en-US/thunderbird
Insight
Multiple flaws exist due to,
- An error when handling video sharing within a WebRTC session running within an iframe.
- An error when handling camera recording within an iframe related to site navigation.
- An use-after-free error when handling text layout related to DirectionalityUtils.
- An out-of-bounds error within the 'get_tile' function when buffering WebM format video containing frames.
- An out-of-bounds error within 'mozilla::dom::OscillatorNodeEngine::ComputeCustom' method when interacting with custom waveforms.
- An error within the 'nsTransformedTextRun' class when handling capitalization style changes during CSS parsing.
- Other unspecified errors.
Affected
Mozilla Thunderbird 31.x before version 31.2
on Windows
Detection
Get the installed version with the
help of detect NVT and check the version is vulnerable or not.
References
- http://msisac.cisecurity.org/advisories/2014/2014-088.cfm
- http://osvdb.com/113161
- http://secunia.com/advisories/59643/
- https://www.mozilla.org/security/announce/2014/mfsa2014-74.html
- https://www.mozilla.org/security/announce/2014/mfsa2014-76.html
- https://www.mozilla.org/security/announce/2014/mfsa2014-81.html
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2014-1574, CVE-2014-1576, CVE-2014-1577, CVE-2014-1578, CVE-2014-1581, CVE-2014-1585, CVE-2014-1586 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities