nessus, Tenable, 8554.PRM
History: Oct 17, 2014 - 12:00 a.m.

Mozilla Thunderbird < 31.2 Multiple Vulnerabilities

2014-10-17 00:00:00
Tenable
www.tenable.com
CVSS2: 7.5 High
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

  Access Vector: NETWORK (AV:N)
  Access Complexity: LOW (AC:L)
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL

EPSS: 0.204 Low (Percentile: 96.4%)

Versions of Mozilla Thunderbird prior to 31.2 are prone to the following vulnerabilities:

  • A buffer overflow vulnerability exists when capitalization style changes occur during CSS parsing. (CVE-2014-1576)
  • An out-of-bounds read error exists in the Web Audio component when invalid values are used in custom waveforms, which can lead to a denial of service or information disclosure. (CVE-2014-1577)
  • An out-of-bounds write error when processing invalid tile sizes in ‘WebM’ format videos can be leveraged for arbitrary code execution. (CVE-2014-1578)
  • A use-after-free error in the ‘DirectionalityUtils’ component when text direction is used in the text layout can be leveraged for arbitrary code execution. (CVE-2014-1581)
  • Multiple security bypass vulnerabilities exist in the implementation of Public Key Pinning (PKP): one issue can be triggered via the connection-coalescing property of SPDY or HTTP/2 in the case of a shared IP address, and another issue is exposed by an unspecified issuer-verification error. Both scenarios can be leveraged for man-in-the-middle attacks. Note that key pinning was introduced in Firefox 32. (CVE-2014-1582, CVE-2014-1584)
  • Multiple memory safety flaws exist within the browser engine, which can likely be leveraged for denial of service or arbitrary code execution. (CVE-2014-1574, CVE-2014-1575)

Vendor  | Product | Version | CPE
mozilla | firefox |         | cpe:/a:mozilla:firefox