Lucene search

K
nessusTenable8339.PRM
HistoryJul 25, 2014 - 12:00 a.m.

Mozilla Thunderbird < 31.0 Multiple Vulnerabilities

2014-07-2500:00:00
Tenable
www.tenable.com
12

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.264 Low

EPSS

Percentile

96.8%

Versions of Mozilla Thunderbird prior to 31.0 are unpatched for the following vulnerabilities :

  • An exploitable crash when using the Cesium JavaScript library to generate WebGL content could be leveraged to execute arbitrary code (CVE-2014-1556)
  • A potentially exploitable crash when scaling high quality images, due to image data being discarded while in use by the scaling operation (CVE-2014-1557)
  • Use-after-free errors when handling certificates in the trusted cache, triggering a FireOnStateChang event in certain circumstances, when rendering MathML content in DirectWrite handling certain fonts, and buffering Web Audio playback can be leveraged to crash the application and, in some cases, execute arbitrary code (CVE-2014-1544, CVE-2014-1555, CVE-2014-1551, CVE-2014-1550)
  • Bypass of the iframe element sandbox via network-level redirects, which can allow unauthorized access to content without explicit approval (CVE-2014-1552)
  • Issues with parsing SSL certificates when non-standard characters are present, which can lead to a potential inability to use valid SSL certificates (CVE-2014-1558, CVE-2014-1559, CVE-2014-1560)
  • Potentially exploitable buffer overflow when interacting with Web Audio buffer for playback, due to an error in the amount of memory allocated for buffers (CVE-2014-1549)
  • Other miscellaneous memory issues that have since been fixed (CVE-2014-1547, CVE-2014-1548)

While most of these vulnerabilities are browser-oriented, Thunderbird’s built-in browser capabilities may be susceptible vectors for attack.

Binary data 8339.prm
VendorProductVersionCPE
mozillathunderbirdcpe:/a:mozilla:thunderbird

References

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.264 Low

EPSS

Percentile

96.8%