The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2010:0896 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    A race condition flaw was found in the way Thunderbird handled Document     Object Model (DOM) element properties. An HTML mail message containing     malicious content could cause Thunderbird to crash or, potentially, execute     arbitrary code with the privileges of the user running Thunderbird.
    (CVE-2010-3765)

    Several flaws were found in the processing of malformed HTML mail content.
    An HTML mail message containing malicious content could cause Thunderbird     to crash or, potentially, execute arbitrary code with the privileges of the     user running Thunderbird. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179,     CVE-2010-3180, CVE-2010-3183)

    A same-origin policy bypass flaw was found in Thunderbird. Remote HTML     content could steal private data from different remote HTML content     Thunderbird had loaded. (CVE-2010-3178)

    Note: JavaScript support is disabled by default in Thunderbird. The above     issues are not exploitable unless JavaScript is enabled.

    A flaw was found in the script that launches Thunderbird. The     LD_LIBRARY_PATH variable was appending a . character, which could allow a     local attacker to execute arbitrary code with the privileges of a different     user running Thunderbird, if that user ran Thunderbird from within an     attacker-controlled directory. (CVE-2010-3182)

    All Thunderbird users should upgrade to this updated package, which     resolves these issues. All running instances of Thunderbird must be     restarted for the update to take effect.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Versions of Firefox 3.6.x earlier than 3.6.12 are potentially affected by a buffer overflow vulnerability when mixing 'document.write()' and DOM insertions. (MFSA 2010-73)

Versions of Mozilla Thunderbird 3.0.x prior to 3.0.10 are affected by a buffer overflow vulnerability when mixing 'document.write()' and DOM insertions. (MFSA 2010-73)

Versions of Firefox 3.5.x earlier than 3.5.15 are potentially affected by a buffer overflow vulnerability when mixing 'document.write()' and DOM insertions. (MFSA 2010-73)

Versions of Mozilla Thunderbird 3.1.x prior to 3.1.6 are affected by a buffer overflow vulnerability when mixing 'document.write()' and DOM insertions. (MFSA 2010-73)

Versions of SeaMonkey 2.0.x earlier than 2.0.10 are potentially affected by a buffer overflow vulnerability when mixing 'document.write()' and DOM insertions. (MFSA 2010-73)

Versions of Thunderbird 3.0.x earlier than 3.0.10 are potentially affected by a buffer overflow vulnerability when mixing 'document.write()' and DOM insertions. (MFSA 2010-73)

Versions of Thunderbird 3.1.x earlier than 3.1.6 are potentially affected by a buffer overflow vulnerability when mixing 'document.write()' and DOM insertions. (MFSA 2010-73)

ID	Name	Product	Family	Published	Updated	Severity
50648	RHEL 6 : thunderbird (RHSA-2010:0896)	Nessus	Red Hat Local Security Checks	11/18/2010	11/4/2024	critical
5691	Mozilla Firefox 3.6.x < 3.6.12 Buffer Overflow Vulnerability	Nessus Network Monitor	Web Clients	10/28/2010	3/6/2019	medium
5692	Mozilla Thunderbird 3.0.x < 3.0.10 Buffer Overflow	Nessus Network Monitor	SMTP Clients	10/28/2010	3/6/2019	medium
5690	Mozilla Firefox 3.5.x < 3.5.15 Buffer Overflow Vulnerability	Nessus Network Monitor	Web Clients	10/28/2010	3/6/2019	medium
5693	Mozilla Thunderbird 3.1.x < 3.1.6 Buffer Overflow	Nessus Network Monitor	SMTP Clients	10/28/2010	3/6/2019	medium
5694	SeaMonkey 2.0.x < 2.0.10 Buffer Overflow	Nessus Network Monitor	Web Clients	10/28/2010	3/6/2019	medium
801269	Mozilla SeaMonkey 2.0.x < 2.0.10 Buffer Overflow Vulnerability	Log Correlation Engine	Web Clients	10/28/2010		high
801223	Mozilla Firefox 3.6.x < 3.6.12 Buffer Overflow Vulnerability	Log Correlation Engine	Web Clients	10/28/2010		high
801287	Mozilla Thunderbird 3.0.x < 3.0.10 Buffer Overflow Vulnerability	Log Correlation Engine	SMTP Clients	10/28/2010		high
801237	Mozilla Thunderbird 3.1.x < 3.1.6 Buffer Overflow Vulnerability	Log Correlation Engine	SMTP Clients	10/28/2010		high
801274	Mozilla Firefox 3.5.x < 3.5.15 Buffer Overflow Vulnerability	Log Correlation Engine	Web Clients	10/28/2010		high

Detections

Analytics

Plugins Search

critical

medium

medium

medium

medium

medium

high

high

high

high

high