Mozilla Thunderbird < 2.0.0.22 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 5001

Synopsis

The remote host has an email client installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Thunderbird prior to 2.0.0.22 are affected by the following security issues :

- Multiple remote memory corruption vulnerabilities exist which can be exploited to execute arbitrary code in the context of the user running the affected application. (MFSA 2009-14)
- A flaw may exist where Unicode box drawing characters are allowed in Internationalized Domain Names where they could be visually confused with punctuation used in valid web addresses. An attacker can leverage this to launch a phishing-type scam against a victim. (MFSA 2009-15)
- A vulnerability exists when the 'jar:' scheme is used to wrap a URI which serves the content with 'Content-Disposition: attachment'. An attacker can leverage this to subvert sites which use this mechanism to mitigate content injection attacks. (MFSA 2009-16)
- When an Adobe Flash file is loaded via the 'view-source:' scheme, the Flash plugin misinterprets the origin of the content as localhost. An attacker can leverage this to launch cross-site request forger attacks. It is also possible to exploit this to place cookie-like objects on victim's computers. (MFSA 2009-17)
- A vulnerability exists which allows attackers to inject arbitrary scripts into sites via XBL bindings. This vulnerability requires the attacker to have the ability to embed third-party stylesheets into the site. (MFSA 2009-18)
- Multiple remote code execution vulnerabilities exist caused by the creation of documents whose URI does not match the document's principle using XMLHttpRequest, as well as a flaw in the 'XPCNativeWrapper.ToString' '__proto__' coming from the wrong scope. (MFSA 2009-19)
- A malicious MozSearch plugin could be created using a javascript: URI in the SearchForm value. An attacker can leverage this in order to inject code into arbitrary sites. (MFSA 2009-20)
- An information disclosure vulnerability exists when saving the inner frame of a web page as a file when the outer page has POST data associated with it. (MFSA 2009-21)
- A cross site scripting vulnerability exists when handling a Refresh header containing a javascript: URI. (MFSA 2009-22)" );

Solution

Upgrade to Thunderbird 2.0.0.22 or later.

See Also

https://www.mozilla.org/security

https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird

Plugin Details

Severity: Medium

ID: 5001

Family: SMTP Clients

Published: 8/18/2004

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:thunderbird

Reference Information

CVE: CVE-2009-0652, CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312, CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1838, CVE-2009-1840, CVE-2009-2210

BID: 33837, 34656, 35370, 35371, 35372, 35383, 35461