Summary
Thunderbird is installed on the host and is prone to multiple vulnerabilities.
Impact
Successful exploitation could result in remote arbitrary JavaScript code execution, spoofing attacks, sensitive information disclosure, and denial of service.
Impact Level: System/Application
Solution
Upgrade to Thunderbird version 2.0.0.22
http://www.mozilla.com/en-US/thunderbird/all.html
Insight
- An error in the js/src/xpconnect/src/xpcwrappedjsclass.cpp file allows an attacker to execute arbitrary web script.
- An error when handling a non-200 response returned by a proxy in reply to a CONNECT request, which could cause the body of the response to be rendered within the context of the request 'Host:' header.
- An error when handling event listeners attached to an element whose owner document is null.
- Content-loading policies are not checked before external script files are loaded into XUL documents, which could be exploited to bypass restrictions.
- An error in the JavaScript engine, via vectors related to js_LeaveSharpObject, ParseXMLSource, and a certain assertion in jsinterp.c.
- An error via vectors involving 'double frame construction.'
Affected
Thunderbird versions prior to 2.0.0.22 on Windows.
References
- http://www.mozilla.org/security/announce/2009/mfsa2009-24.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-27.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-29.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-31.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-32.html
- http://www.vupen.com/english/advisories/2009/1572
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1836, CVE-2009-1838, CVE-2009-1840, CVE-2009-1841
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Air Multiple Vulnerabilities - November12 (Mac OS X)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Windows)
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Linux)
- Adobe AIR Multiple Vulnerabilities -01 Feb13 (Linux)
- Adobe Air and Flash Player Multiple Vulnerabilities (Mac OS X)