Thunderbird 10.0.x < 10.0.5 Multiple Vulnerabilities (Mac OS X)

NASLDB: Thunderbird 10.0.x < 10.0.5 Multiple Vulnerabilities (Mac OS X)

General

ID: 59406
Name: Thunderbird 10.0.x < 10.0.5 Multiple Vulnerabilities (Mac OS X)

Summary: Checks version of Thunderbird

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Port: 0
Family: MacOS X Local Security Checks
Type: Local

Description

The installed version of Thunderbird 10.0.x is potentially affected
by the following security issues :

– An error exists in the ASN.1 decoder when handling zero
length items that can lead to application crashes.
(CVE-2012-0441)

– Multiple memory corruption errors exist. (CVE-2012-1937,
CVE-2012-1939)

– Two heap-based buffer overflows and one heap-based use-
after-free error exist and are potentially exploitable.
(CVE-2012-1940, CVE-2012-1941, CVE-2012-1947)

– The inline-script blocking feature of the ‘Content
Security Policy’ (CSP) does not properly block inline
event handlers. This error allows remote attackers to
more easily carry out cross-site scripting attacks.
(CVE-2012-1944)

– A use-after-free error exists related to replacing or
inserting a node into a web document. (CVE-2012-1946)