Summary
The host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site.
Impact Level: Application
Solution
Upgrade to Thunderbird version 16.0.1 or later,
For updates refer to http://www.mozilla.org/en-US/thunderbird
Insight
Security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object.
Affected
Thunderbird versions before 16.0.1 on Mac OS X
References
Severity
Classification
-
CVE CVE-2012-4192, CVE-2012-4193 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Air Multiple Vulnerabilities - December12 (Mac OS X)
- 7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
- Adobe AIR Security Bypass Vulnerability Jan14 (Windows)
- Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)
- Adobe Air and Flash Player Multiple Vulnerabilities (Mac OS X)