Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusTenable6669.PRM
HistoryJan 15, 2013 - 12:00 a.m.

Mozilla Thunderbird < 17.0.2 Multiple Vulnerabilities

2013-01-1500:00:00
Tenable
www.tenable.com
16

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON

Versions of Mozilla Thunderbird prior to 17.0.2 are affected by the following security issues :

  • Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743)
  • A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744)
  • An error exists related to the β€˜AutoWrapperChanger’ class that does not properly manage objects during garbage collection. (CVE-2012-0745)
  • An error exists related to β€˜jsval’, β€˜quickstubs’, and compartmental mismatches that could lead to potentially exploitable crashes. (CVE-2013-0746)
  • Errors exist related to events in the plugin handler that could allow same-origin policy bypass. (CVE-2013-0747)
  • An error related to the β€˜toString’ method of XBL objects could lead to address information leakage. (CVE-2013-0748)
  • An unspecified memory corruption issue exists. (CVE-2013-0749, CVE-2013-0769)
  • A buffer overflow exists related to JavaScript string concatenation. (CVE-2013-0750)
  • An error exists related to multiple XML bindings with SVG content, contained in XBL files. (CVE-2013-0752)
  • A use-after-free error exists related to β€˜XMLSerializer’ and β€˜serializeToStream’. (CVE-2013-0753)
  • A use-after-free error exists related to garbage collection and β€˜ListenManager’. (CVE-2013-0754)
  • A use-after-free error exists related to the β€˜Vibrate’ library and β€˜domDoc’. (CVE-2013-0755)
  • A use-after-free error exists related to JavaScript β€˜Proxy’ objects. (CVE-2013-0756)
  • β€˜Chrome Object Wrappers’ (COW) can be bypassed by changing object prototypes, which could allow arbitrary code execution. (CVE-2013-0757)
  • An error related to SVG elements and plugins could allow privilege escalation. (CVE-2013-0758)
  • An error exists related to the address bar that could allow URL spoofing attacks. (CVE-2013-0759)
  • Multiple, unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. (CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771)
  • An error exists related to SSL and threading that could result in potentially exploitable crashes. (CVE-2013-0764)
  • An error exists related to β€˜Canvas’ and bad height or width values passed to it from HTML. (CVE-2013-0768)
Binary data 6669.prm
VendorProductVersionCPE
mozillathunderbirdcpe:/a:mozilla:thunderbird

References

Related

nessus 48
openvas 61
oraclelinux 2
veracode 4
redhat 2
centos 2
ubuntu 5
suse 6
freebsd 1
securityvulns 1
mozilla 7
fedora 3
checkpoint_advisories 1
zdt 2
metasploit 1
ibm 2
exploitdb 1
nvd 11
ubuntucve 9
seebug 2
prion 10
cve 9
cvelist 7
zdi 2
nessus
nessus
Mozilla Thunderbird 17.x < 17.0.2 Multiple Vulnerabilities
2013-01-15 00:00:00
Thunderbird < 17.0.2 Multiple Vulnerabilities (Mac OS X)
2013-01-15 00:00:00
Mozilla Thunderbird < 17.0.2 Multiple Vulnerabilities
2013-01-15 00:00:00
openvas
openvas
RedHat Update for thunderbird RHSA-2013:0145-01
2013-01-11 00:00:00
CentOS Update for thunderbird CESA-2013:0145 centos6
2013-01-11 00:00:00
CentOS Update for xulrunner CESA-2013:0144 centos5
2013-01-21 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2013-01-08 00:00:00
firefox security update
2013-01-08 00:00:00
veracode
veracode
Memory Corruption
2019-05-02 04:45:41
Out-Of-Bounds Read
2019-05-02 04:45:40
Use-After-Free
2019-05-02 04:45:40
redhat
redhat
(RHSA-2013:0144) Critical: firefox security update
2013-01-08 00:00:00
(RHSA-2013:0145) Critical: thunderbird security update
2013-01-08 00:00:00
centos
centos
firefox, xulrunner security update
2013-01-09 05:51:05
thunderbird security update
2013-01-09 05:51:41
ubuntu
ubuntu
Firefox vulnerabilities
2013-01-09 00:00:00
Firefox regression
2013-02-05 00:00:00
Firefox regression
2013-01-22 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2013-01-18 20:04:36
Security update for MozillaFirefox (important)
2013-01-18 19:04:49
Security update for MozillaFirefox (important)
2013-02-13 23:04:32
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-01-08 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-01-10 00:00:00
mozilla
mozilla
Use-after-free and buffer overflow issues found using Address Sanitizer β€” Mozilla
2013-01-08 00:00:00
Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2) β€” Mozilla
2013-01-08 00:00:00
Chrome Object Wrapper (COW) bypass through changing prototype β€” Mozilla
2013-01-08 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: seamonkey-2.15.1-1.fc17
2013-02-02 04:21:54
[SECURITY] Fedora 16 Update: seamonkey-2.15.1-1.fc16
2013-02-02 04:26:35
[SECURITY] Fedora 18 Update: seamonkey-2.15.1-1.fc18
2013-01-26 15:59:50
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox Flash Privileged Code Injection (CVE-2013-0757; CVE-2013-0758)
2013-06-27 00:00:00
zdt
zdt
Mozilla Firefox < 17.0.1 - Flash Privileged Code Injection Exploit
2017-03-23 00:00:00
GIT 1.8.5.6 / 1.9.5 / 2.0.5 / 2.1.4/ 2.2.1 & Mercurial < 3.2.3 - Exploit
2017-03-23 00:00:00
metasploit
metasploit
Firefox 17.0.1 Flash Privileged Code Injection
2013-05-16 04:52:51
ibm
ibm
Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
Security Bulletin: Storwize V7000 Unified Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
exploitdb
exploitdb
Mozilla Firefox &lt; 17.0.1 - Flash Privileged Code Injection (Metasploit)
2013-01-08 00:00:00
nvd
nvd
CVE-2013-0761
2013-01-13 20:55:02
CVE-2012-0745
2012-05-04 16:55:01
CVE-2013-0757
2013-01-13 20:55:02
ubuntucve
ubuntucve
CVE-2013-0761
2013-01-09 00:00:00
CVE-2013-0757
2013-01-09 00:00:00
CVE-2013-0766
2013-01-09 00:00:00
seebug
seebug
IBM AIX 'getpwnam()'ζœ¬εœ°ζƒι™ζε‡ζΌζ΄ž(CVE-2012-0745)
2012-05-15 00:00:00
Mozilla Firefox mozilla::TrackUnionStream::EndTrackε †ι‡Šζ”ΎεŽι‡η”¨ζΌζ΄ž
2013-01-10 00:00:00
prion
prion
Design/Logic Flaw
2013-01-13 20:55:00
Design/Logic Flaw
2013-01-13 20:55:00
Integer overflow
2013-01-13 20:55:00
cve
cve
CVE-2013-0744
2013-01-13 20:55:01
CVE-2013-0757
2013-01-13 20:55:02
CVE-2013-0759
2013-01-13 20:55:02
cvelist
cvelist
CVE-2013-0766
2013-01-13 20:00:00
CVE-2013-0759
2013-01-13 20:00:00
CVE-2012-0745
2012-05-04 16:00:00
zdi
zdi
Mozilla Firefox obj_toSource Use-After-Free Remote Code Execution Vulnerability
2013-03-22 00:00:00
Mozilla Firefox String Replacement Heap Corruption Remote Code Execution Vulnerability
2013-02-01 00:00:00

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON
Related for 6669.PRM
nessus48openvas61oraclelinux2veracode4redhat2centos2ubuntu5suse6freebsd1securityvulns1mozilla7fedora3checkpoint_advisories1zdt2metasploit1ibm2exploitdb1nvd11ubuntucve9seebug2prion10cve9cvelist7zdi2