Mozilla Thunderbird 10.0.x < 10.0.5 Multiple Vulnerabilities

NASLDB: Mozilla Thunderbird 10.0.x < 10.0.5 Multiple Vulnerabilities

General

ID: 59410
Name: Mozilla Thunderbird 10.0.x < 10.0.5 Multiple Vulnerabilities

Summary: Checks version of Thunderbird

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Port: –
Family: Windows
Type: Local

Description

The installed version of Thunderbird 10.0.x is potentially affected
by the following security issues :

– An error exists in the ASN.1 decoder when handling zero
length items that can lead to application crashes.
(CVE-2012-0441)

– Multiple memory corruption errors exist. (CVE-2012-1937,
CVE-2012-1939)

– Two heap-based buffer overflows and one heap-based use-
after-free error exist and are potentially exploitable.
(CVE-2012-1940, CVE-2012-1941, CVE-2012-1947)

– The inline-script blocking feature of the ‘Content
Security Policy’ (CSP) does not properly block inline
event handlers. This error allows remote attackers to
more easily carry out cross-site scripting attacks.
(CVE-2012-1944)

– A use-after-free error exists related to replacing or
inserting a node into a web document. (CVE-2012-1946)