Mozilla Thunderbird < 2.0.0.14 Multiple Vulnerabilities

high Nessus Plugin ID 32134

Synopsis

The remote Windows host contains a mail client that is affected by multiple vulnerabilities.

Description

The installed version of Thunderbird is affected by various security issues :

- A series of vulnerabilities exist that allow for JavaScript privilege escalation and arbitrary code execution.

- Several stability bugs exist leading to crashes which, in some cases, show traces of memory corruption.

Solution

Upgrade to Mozilla Thunderbird 2.0.0.14 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2008-14/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-15/

Plugin Details

Severity: High

ID: 32134

File Name: mozilla_thunderbird_20014.nasl

Version: 1.13

Type: local

Agent: windows

Family: Windows

Published: 5/6/2008

Updated: 8/10/2018

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:mozilla:thunderbird

Required KB Items: Mozilla/Thunderbird/Version

Patch Publication Date: 3/25/2008

Reference Information

CVE: CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237

CWE: 399, 79, 94