Mozilla Thunderbird < 3.0.6 Multiple Vulnerabilities

NASLDB: Mozilla Thunderbird < 3.0.6 Multiple Vulnerabilities

General

ID: 47783
Name: Mozilla Thunderbird < 3.0.6 Multiple Vulnerabilities

Summary: Checks version of Thunderbird

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Port: –
Family: Windows
Type: Local

Description

The installed version of Thunderbird is earlier than 3.0.6. Such
versions are potentially affected by the following security issues :

– Multiple memory safety bugs could result in memory
corruption, potentially resulting in arbitrary code
execution. (MFSA 2010-34)

– The array class used to store CSS values is affected
by an integer overflow vulnerability. (MFSA 2010-39)

– An integer overflow vulnerability exists in the
‘selection’ attribute of XUL <tree> element.
(MFSA 2010-40)

– A buffer overflow vulnerability in Mozilla graphics
code could lead to arbitrary code execution.
(MFSA 2010-41)

– It is possible to read and parse resources from other
domains even when the content is not valid javascript
leading to cross-domain data disclosure. (MFSA 2010-42)

– It is possible to read data acrosss domains by
injecting bogus CSS selectors into a target site.
(MFSA 2010-46)

– Potentially sensitive URL parameters could be leaked
across domains via script errors. (MFSA 2010-47)