Mozilla Thunderbird Security Bypass Vulnerabilities - Oct 12 (Windows) Network Vulnerability

Summary

The host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities.

Impact

Successful exploitation will let attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site. Impact Level: Application

Solution

Upgrade to Thunderbird version 16.0.1 or later, For updates refer to http://www.mozilla.org/en-US/thunderbird

Insight

Security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object.

Affected

Thunderbird versions before 16.0.1 on Windows

References

http://secunia.com/advisories/50856
http://secunia.com/advisories/50935
http://www.mozilla.org/security/announce/2012/mfsa2012-89.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-4192, CVE-2012-4193

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Air Multiple Vulnerabilities - December12 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Mac OS X)
Aastra IP Telephone Hardcoded Telnet Password Security Bypass Vulnerability
Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Linux)
Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows

Take action and discover your vulnerabilities