Mozilla Thunderbird 3.1 < 3.1.3 Multiple Vulnerabilities

high Nessus Plugin ID 49148

Language:

Synopsis

The remote Windows host contains a mail client that is affected by multiple vulnerabilities.

Description

The installed version of Thunderbird 3.1 is earlier than 3.1.3. Such versions are potentially affected by the following security issues :

- Multiple memory safety bugs could lead to memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-49)

- An integer overflow vulnerability in HTML frameset element implementation could lead to arbitrary code execution.
(MFSA 2010-50)

- A dangling pointer vulnerability in 'navigator.plugins' could lead to arbitrary code execution. (MFSA 2010-51)

- It is possible to perform DLL hijacking attacks via dwmapi.dll. (MFSA 2010-52)

- A heap overflow vulnerability in function 'nsTextFrameUtils::TransformText' could result in arbitrary code execution on the remote system.
(MFSA 2010-53)

- A dangling pointer vulnerability reported in MFSA 2010-40 was incorrectly fixed. (MFSA 2010-54)

- By manipulating XUL <tree> objects it may be possible to crash the application or run arbitrary code on the remote system. (MFSA 2010-55)

- A dangling pointer vulnerability affects XUL <tree>'s content view implementation, which could allow arbitrary code execution on the remote system. (MFSA 2010-56)

- Code used to normalize a document could lead to a crash or arbitrary code execution on the remote system.
(MFSA 2010-57)

- A specially crafted font could trigger memory corruption on Mac systems, potentially resulting in arbitrary code execution on the remote system. (MFSA 2010-58)

- It may be possible to run arbitrary JavaScript with chrome privileges via wrapper class XPCSafeJSObjectWrapper (SJOW). (MFSA 2010-59)

- The 'type' attribute of an <object> tag could override charset of a framed HTML document, which could allow an attacker to inject and execute UTF-7 encoded JavaScript code into a website. (MFSA 2010-61)

- Copy-and-paste or drag-and-drop of an HTML selection containing JavaScript into a designMode document could trigger a cross-site scripting vulnerability.
(MFSA 2010-62)

- It is possible to read sensitive information via 'statusText' property of an XMLHttpRequest object.
(MFSA 2010-63)

Solution

Upgrade to Thunderbird 3.1.3 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2010-49/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-50/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-51/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-52/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-53/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-54/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-55/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-56/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-57/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-58/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-59/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-61/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-62/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-63/

http://www.nessus.org/u?587534ee

Plugin Details

Severity: High

ID: 49148

File Name: mozilla_thunderbird_313.nasl

Version: 1.21

Type: local

Agent: windows

Family: Windows

Published: 9/8/2010

Updated: 7/16/2018

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:mozilla:thunderbird

Required KB Items: Mozilla/Thunderbird/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/7/2010

Vulnerability Publication Date: 9/7/2010

Exploitable With

Core Impact

Reference Information

CVE: CVE-2010-2760, CVE-2010-2762, CVE-2010-2764, CVE-2010-2765, CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769, CVE-2010-2770, CVE-2010-3131, CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169

BID: 42654, 43091, 43092, 43093, 43095, 43096, 43097, 43100, 43101, 43102, 43104, 43106, 43108, 43118

Secunia: 41304