Lucene search

Tenable2703.PRM

HistoryMar 14, 2005 - 12:00 a.m.

Mozilla Thunderbird < 1.0.2 Multiple Vulnerabilities (deprecated)

2005-03-1400:00:00

Tenable

www.tenable.com

JSON

The remote host is running a vulnerable version of Mozilla Thunderbird mail client. It is reported that this version of Mozilla or Mozilla Thunderbird is vulnerable to a flaw where embedded HTML tagging allows a remote attacker to spoof the ‘Save as’ dialog box and convince an unsuspecting user in download a malicious file. An attacker exploiting this flaw would need to be able to convince a remote user to click on a malicious link. Successful exploitation would result in malicious code being downloaded onto the client machine.
Secondly, The remote version of this software is vulnerable to a heap overflow vulnerability when it processes GIF images. An attacker may exploit this flaw to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to send a malformed GIF image to a victim on the remote host and wait for him or her to open it.

Binary data 2703.prm

VendorProductVersionCPE
mozillathunderbirdcpe:/a:mozilla:thunderbird

Vendor	Product	Version	CPE
mozilla	thunderbird		cpe:/a:mozilla:thunderbird

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0597

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0599

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0718

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0722

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0757

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0758

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0759

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0760

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0761

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0762

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0763

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0764

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0399

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0401

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0989

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1153

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1154

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1155

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1156

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1157

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1159

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1160

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1476

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1477

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1531

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1532

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2701

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2702

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2703

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2704

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2705

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2706

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2707

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2968

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4809

www.mozilla.org/security/announce/2005/mfsa2005-17.html

www.mozilla.org/security/announce/2005/mfsa2005-18.html

www.mozilla.org/security/announce/2005/mfsa2005-21.html

www.mozilla.org/security/announce/2005/mfsa2005-25.html

www.mozilla.org/security/announce/2005/mfsa2005-30.html

JSON