Synopsis
The remote host has a email client installed that is vulnerable to multiple attack vectors.
Description
The remote host has a email client installed that is vulnerable to multiple attack vectors.
Versions of Thunderbird 8.0 are potentially affected by the following security issues :
- An out-of-bounds memory access error exists in the 'SVG' implementation and can be triggered when 'SVG' elements are removed during a 'DOMAttrModified' event handler. (CVE-2011-3658)
- Various memory safety errors exist that can lead to memory corruption and possible code execution. (CVE-2011-3660)
- An error exists in the 'YARR' regular expression library that can cause application crashers when handling certain JavaScript statements. (CVE-2011-3661)
- It is possible to detect keystrokes using 'SVG' animation 'accesskey' events even when JavaScript is disabled. (CVE-2011-3663)
- AN error exists related to plugins that can allow a null pointer to be dereferenced when a plugin deletes its containing DOM frame during a call from that frame. It may be possible for a non-null pointer to be dereferenced thereby opening up the potential for further exploitation. (CVE-2011-3664)
- It is possible to crash the application when 'OGG' 'video' elements are scaled to extreme sizes. (CVE-2011-3665)
Solution
Upgrade to Thunderbird 9.0 or later.
Plugin Details
Nessus ID: 57352, 57361
Vulnerability Information
Patch Publication Date: 9/27/2011
Vulnerability Publication Date: 9/27/2011
Exploitable With
Metasploit (Firefox 7/8 (less than 8.0.1) nsSVGValue Out-of-Bounds Access Vulnerability)
Reference Information
CVE: CVE-2011-3658, CVE-2011-3660, CVE-2011-3661, CVE-2011-3663, CVE-2011-3664, CVE-2011-3665
BID: 51133, 51134, 51135, 51136, 51137, 51138