Mozilla Thunderbird < 17.0.3 Multiple Vulnerabilities

critical Nessus Plugin ID 64724

Synopsis

The remote Windows host contains a mail client that is potentially affected by several vulnerabilities.

Description

The installed version of Thunderbird is earlier than 17.0.3 and thus, is potentially affected by the following security issues :

- Numerous memory safety errors exist. (CVE-2013-0783, CVE-2013-0784)

- An out-of-bounds read error exists related to the handling of GIF images. (CVE-2013-0772)

- An error exists related to 'WebIDL' object wrapping that has an unspecified impact. (CVE-2013-0765)

- An error exists related to Chrome Object Wrappers (COW) or System Only Wrappers (SOW) that could allow security bypass. (CVE-2013-0773)

- The file system location of the active browser profile could be disclosed and used in further attacks.
(CVE-2013-0774)

- A use-after-free error exists in the function 'nsImageLoadingContent'. (CVE-2013-0775)

- Spoofing HTTPS URLs is possible due to an error related to proxy '407' responses and embedded script code.
(CVE-2013-0776)

- A heap-based use-after-free error exists in the function 'nsDisplayBoxShadowOuter::Paint'. (CVE-2013-0777)

- An out-of-bounds read error exists in the function 'ClusterIterator::NextCluster'. (CVE-2013-0778)

- An out-of-bounds read error exists in the function 'nsCodingStateMachine::NextState'. (CVE-2013-0779)

- A heap-based use-after-free error exists in the function 'nsOverflowContinuationTracker::Finish'. (CVE-2013-0780)

- A heap-based use-after-free error exists in the function 'nsPrintEngine::CommonPrint'. (CVE-2013-0781)

- A heap-based buffer overflow error exists in the function 'nsSaveAsCharset::DoCharsetConversion'.
(CVE-2013-0782)

Solution

Upgrade to Thunderbird 17.0.3 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2013-21/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-22/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-23/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-24/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-25/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-26/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-27/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-28/

Plugin Details

Severity: Critical

ID: 64724

File Name: mozilla_thunderbird_1703.nasl

Version: 1.11

Type: local

Agent: windows

Family: Windows

Published: 2/20/2013

Updated: 12/4/2019

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2013-0784

Vulnerability Information

CPE: cpe:/a:mozilla:thunderbird

Required KB Items: Mozilla/Thunderbird/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 2/19/2013

Vulnerability Publication Date: 2/19/2013

Reference Information

CVE: CVE-2013-0765, CVE-2013-0772, CVE-2013-0773, CVE-2013-0774, CVE-2013-0775, CVE-2013-0776, CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782, CVE-2013-0783, CVE-2013-0784

BID: 58034, 58036, 58037, 58038, 58040, 58041, 58042, 58043, 58044, 58047, 58048, 58049, 58050, 58051