Summary
The host has Mozilla Thunderbird installed, which is prone to multiple vulnerabilities.
Impact
Successful exploitation could result in remote arbitrary code execution, spoofing attacks, sensitive information disclosure, and a crash of the browser.
Impact Level: System
Solution
Upgrade to Thunderbird version 2.0.0.16
http://www.mozilla.com/en-US/thunderbird/all-older.html
Insight
The issues are due to:
- multiple errors in the layout and JavaScript engines that can corrupt memory.
- an error while handling unprivileged XUL documents that can be exploited to load chrome scripts from a fastload file via <script> elements.
- an error in the mozIJSSubScriptLoader.LoadScript function that can bypass XPCNativeWrappers.
- an error in the block re-flow process, which can potentially lead to a crash.
- errors in the implementation of the JavaScript same origin policy.
- an error in processing of Alt Names provided by a peer.
- an error in processing of Windows URL shortcuts.
Affected
Thunderbird versions prior to 2.0.0.16 on Windows.
References
- http://www.mozilla.org/security/announce/2008/mfsa2008-21.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-24.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-25.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-29.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-31.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-33.html
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811
- CVSS Base Score: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C