Description: | Summary: The host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities.
Vulnerability Insight: The flaws are due to
- memory corruption issues
- An error within Chrome Object Wrapper (COW) when handling the 'InstallTrigger' object can be exploited to access certain privileged functions and properties.
- Use-after-free in the IME State Manager code.
- combination of invoking full screen mode and navigating backwards in history could, in some circumstances, cause a hang or crash due to a timing dependent use-after-free pointer reference.
- Several methods of a feature used for testing (DOMWindowUtils) are not protected by existing security checks, allowing these methods to be called through script by web pages.
- An error when GetProperty function is invoked through JSAPI, security checking can be bypassed when getting cross-origin properties.
- An issue with spoofing of the location property.
- Use-after-free, buffer overflow, and out of bounds read issues.
- The location property can be accessed by binary plugins through top.location and top can be shadowed by Object.define Property as well. This can allow for possible XSS attacks through plugins.
- several memory safety bugs in the browser engine used in mozilla products.
Vulnerability Impact: Successful exploitation will let attackers to conduct cross site scripting attacks, cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unspecified vectors.
Affected Software/OS: Thunderbird versions before 16.0 on Mac OS X
Solution: Upgrade to Thunderbird version to 16.0 or later.
CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
|