Detections
Analytics
Mozilla Thunderbird < 2.0.0.19 Multiple Vulnerabilities
high Log Correlation Engine Plugin ID 801218
Synopsis
The remote Windows host contains a mail client that is affected by multiple vulnerabilities.Description
The installed version of Thunderbird is earlier than 2.0.0.19. Such versions are potentially affected by the following security issues :- There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. (MFSA 2008-60)
- XBL bindings can be used to read data from other domains. (MFSA 2008-61)
- Sensitive data may be disclosed in an XHR response when an XMLHttpRequest is made to a same-origin resource, which 302 redirects to a resource in a different domain. (MFSA 2008-64)
- A website may be able to access a limited amount of data from a different domain by loading a same-domain JavaScript URL that redirects to an off-domain target resource containing data that is not parsable as JavaScript. (MFSA 2008-65)
- Errors arise when parsing URLs with leading whitespace and control characters. (MFSA 2008-66)
- An escaped null byte is ignored by the CSS parser and treated as if it was not present in the CSS input string. (MFSA 2008-67)
- XSS and JavaScript privilege escalation are possible. (MFSA 2008-68)
Solution
Upgrade to version 2.0.0.19 or higher.See Also
http://.mozilla.org/security/announce/2008/mfsa2008-60.html
http://.mozilla.org/security/announce/2008/mfsa2008-61.html
http://.mozilla.org/security/announce/2008/mfsa2008-64.html
http://.mozilla.org/security/announce/2008/mfsa2008-65.html
http://.mozilla.org/security/announce/2008/mfsa2008-66.html
http://.mozilla.org/security/announce/2008/mfsa2008-67.html
Plugin Details
Severity: High
ID: 801218
Family: SMTP Clients
Nessus ID: 35287
Reference Information
CVE: CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5503, CVE-2008-5504, CVE-2008-5505, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513
BID: 32882