Mozilla Thunderbird < 24.5 Multiple Vulnerabilities

Versions of Mozilla Thunderbird prior to 24.5 are unpatched against the following vulnerabilities :

• Use-after-free vulnerabilities in nsHostResolver and imgLoader, which can crash with a potentially exploitable condition (CVE-2014-1532, CVE-2014-1531)
• A non-exploitable out-of-bounds read when decoding JPG images (CVE-2014-1523)
• Privilege escalation for scripts when sites that have been granted notification permissions by a user can bypass security checks on source components for the Web Notification API (CVE-2014-1529)
• A potentially exploitable buffer overflow when a script uses a non-XBL object as an XBL object (CVE-2014-1524)
• A cross-site scripting vulnerability using browser navigations through history to load a website with the page’s base URI pointing to a different site (CVE-2014-1530)
• Various memory safety hazards (CVE-2014-1518, CVE-2014-1519)