Summary
The host has Mozilla Thunderbird installed, which is prone to multiple vulnerabilities.
Impact
Successful exploitation could result in remote arbitrary code execution, spoofing attacks, sensitive information disclosure, and a crash of the browser.
Impact Level: System
Solution
Upgrade to Thunderbird version 2.0.0.16
http://www.mozilla.com/en-US/thunderbird/all-older.html
Insight
The issues are due to:
- multiple errors in the layout and JavaScript engines that can corrupt memory.
- an error while handling unprivileged XUL documents that can be exploited to load chrome scripts from a fastload file via <script> elements.
- an error in the mozIJSSubScriptLoader.LoadScript function that can bypass XPCNativeWrappers.
- an error in the block re-flow process, which can potentially lead to a crash.
- errors in the implementation of the JavaScript same origin policy.
- an error in the processing of Alt Names provided by a peer.
- an error in the processing of Windows URL shortcuts.
Affected
Thunderbird versions prior to 2.0.0.16 on Linux.
References
- http://www.mozilla.org/security/announce/2008/mfsa2008-21.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-24.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-25.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-29.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-31.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-33.html
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C