Mozilla Thunderbird 8 Multiple Vulnerabilities

2011-09-2900:00:00

Tenable

www.tenable.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.955 High

EPSS

Percentile

99.4%

The remote host has a email client installed that is vulnerable to multiple attack vectors.

Versions of Thunderbird 8.0 are potentially affected by the following security issues :

An out-of-bounds memory access error exists in the ‘SVG’ implementation and can be triggered when ‘SVG’ elements are removed during a ‘DOMAttrModified’ event handler. (CVE-2011-3658)
Various memory safety errors exist that can lead to memory corruption and possible code execution. (CVE-2011-3660)
An error exists in the ‘YARR’ regular expression library that can cause application crashers when handling certain JavaScript statements. (CVE-2011-3661)
It is possible to detect keystrokes using ‘SVG’ animation ‘accesskey’ events even when JavaScript is disabled. (CVE-2011-3663)
AN error exists related to plugins that can allow a null pointer to be dereferenced when a plugin deletes its containing DOM frame during a call from that frame. It may be possible for a non-null pointer to be dereferenced thereby opening up the potential for further exploitation. (CVE-2011-3664)
It is possible to crash the application when ‘OGG’ ‘video’ elements are scaled to extreme sizes. (CVE-2011-3665)