Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MOZILLA_THUNDERBIRD_1702.NASL
HistoryJan 15, 2013 - 12:00 a.m.

Mozilla Thunderbird < 17.0.2 Multiple Vulnerabilities

2013-01-1500:00:00
This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23
JSON

The installed version of Thunderbird is earlier than 17.0.2 and thus, is potentially affected by the following security issues :

  • Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743)

  • A use-after-free error exists related to displaying HTML tables with many columns and column groups.
    (CVE-2013-0744)

  • An error exists related to the β€˜AutoWrapperChanger’ class that does not properly manage objects during garbage collection. (CVE-2012-0745)

  • An error exists related to β€˜jsval’, β€˜quickstubs’, and compartmental mismatches that could lead to potentially exploitable crashes. (CVE-2013-0746)

  • Errors exist related to events in the plugin handler that could allow same-origin policy bypass.
    (CVE-2013-0747)

  • An error related to the β€˜toString’ method of XBL objects could lead to address information leakage.
    (CVE-2013-0748)

  • An unspecified memory corruption issue exists.
    (CVE-2013-0749, CVE-2013-0769)

  • A buffer overflow exists related to JavaScript string concatenation. (CVE-2013-0750)

  • An error exists related to multiple XML bindings with SVG content, contained in XBL files. (CVE-2013-0752)

  • A use-after-free error exists related to β€˜XMLSerializer’ and β€˜serializeToStream’.
    (CVE-2013-0753)

  • A use-after-free error exists related to garbage collection and β€˜ListenManager’. (CVE-2013-0754)

  • A use-after-free error exists related to the β€˜Vibrate’ library and β€˜domDoc’. (CVE-2013-0755)

  • A use-after-free error exists related to JavaScript β€˜Proxy’ objects. (CVE-2013-0756)

  • β€˜Chrome Object Wrappers’ (COW) can be bypassed by changing object prototypes, which could allow arbitrary code execution. (CVE-2013-0757)

  • An error related to SVG elements and plugins could allow privilege escalation. (CVE-2013-0758)

  • An error exists related to the address bar that could allow URL spoofing attacks. (CVE-2013-0759)

  • Multiple, unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. (CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771)

  • An error exists related to SSL and threading that could result in potentially exploitable crashes.
    (CVE-2013-0764)

  • An error exists related to β€˜Canvas’ and bad height or width values passed to it from HTML. (CVE-2013-0768)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(63553);
  script_version("1.19");
  script_cvs_date("Date: 2019/12/04");

  script_cve_id(
    "CVE-2013-0744",
    "CVE-2013-0745",
    "CVE-2013-0746",
    "CVE-2013-0747",
    "CVE-2013-0748",
    "CVE-2013-0749",
    "CVE-2013-0750",
    "CVE-2013-0752",
    "CVE-2013-0753",
    "CVE-2013-0754",
    "CVE-2013-0755",
    "CVE-2013-0756",
    "CVE-2013-0757",
    "CVE-2013-0758",
    "CVE-2013-0759",
    "CVE-2013-0761",
    "CVE-2013-0762",
    "CVE-2013-0763",
    "CVE-2013-0764",
    "CVE-2013-0766",
    "CVE-2013-0767",
    "CVE-2013-0768",
    "CVE-2013-0769",
    "CVE-2013-0771"
  );
  script_bugtraq_id(
    57193,
    57194,
    57195,
    57196,
    57197,
    57198,
    57203,
    57204,
    57205,
    57209,
    57211,
    57213,
    57215,
    57217,
    57218,
    57228,
    57232,
    57234,
    57235,
    57236,
    57238,
    57240,
    57241,
    57244,
    57258
  );

  script_name(english:"Mozilla Thunderbird < 17.0.2 Multiple Vulnerabilities");
  script_summary(english:"Checks version of Thunderbird");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a mail client that is potentially
affected by several vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The installed version of Thunderbird is earlier than 17.0.2 and thus,
is potentially affected by the following security issues :

  - Two intermediate certificates were improperly issued by
    TURKTRUST certificate authority. (CVE-2013-0743)

  - A use-after-free error exists related to displaying
    HTML tables with many columns and column groups.
    (CVE-2013-0744)

  - An error exists related to the 'AutoWrapperChanger'
    class that does not properly manage objects during
    garbage collection. (CVE-2012-0745)

  - An error exists related to 'jsval', 'quickstubs', and
    compartmental mismatches that could lead to potentially
    exploitable crashes. (CVE-2013-0746)

  - Errors exist related to events in the plugin handler
    that could allow same-origin policy bypass.
    (CVE-2013-0747)

  - An error related to the 'toString' method of XBL
    objects could lead to address information leakage.
    (CVE-2013-0748)

  - An unspecified memory corruption issue exists.
    (CVE-2013-0749, CVE-2013-0769)

  - A buffer overflow exists related to JavaScript string
    concatenation. (CVE-2013-0750)
    
  - An error exists related to multiple XML bindings with
    SVG content, contained in XBL files. (CVE-2013-0752)

  - A use-after-free error exists related to
    'XMLSerializer' and 'serializeToStream'.
    (CVE-2013-0753)

  - A use-after-free error exists related to garbage
    collection and 'ListenManager'. (CVE-2013-0754)

  - A use-after-free error exists related to the 'Vibrate'
    library and 'domDoc'. (CVE-2013-0755)

  - A use-after-free error exists related to JavaScript
    'Proxy' objects. (CVE-2013-0756)
  
  - 'Chrome Object Wrappers' (COW) can be bypassed by
    changing object prototypes, which could allow 
    arbitrary code execution. (CVE-2013-0757)

  - An error related to SVG elements and plugins could 
    allow privilege escalation. (CVE-2013-0758)

  - An error exists related to the address bar that could
    allow URL spoofing attacks. (CVE-2013-0759)

  - Multiple, unspecified use-after-free, out-of-bounds read
    and buffer overflow errors exist. (CVE-2013-0761,
    CVE-2013-0762, CVE-2013-0763, CVE-2013-0766,
    CVE-2013-0767, CVE-2013-0771)

  - An error exists related to SSL and threading that
    could result in potentially exploitable crashes.
    (CVE-2013-0764)

  - An error exists related to 'Canvas' and bad height or
    width values passed to it from HTML. (CVE-2013-0768)");
  script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-003/");
  script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-006/");
  script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-037/");
  script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-038/");
  script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-039/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-01/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-02/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-03/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-04/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-05/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-07/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-08/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-09/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-10/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-11/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-12/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-13/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-14/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-15/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-16/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-17/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-18/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-19/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-20/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Thunderbird 17.0.2 / 17.0.2 ESR or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0769");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Firefox 17.0.1 Flash Privileged Code Injection');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/01/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Thunderbird/Version");

  exit(0);
}

include("mozilla_version.inc");
port = get_kb_item_or_exit("SMB/transport");

installs = get_kb_list("SMB/Mozilla/Thunderbird/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Thunderbird");

mozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'17.0.2', severity:SECURITY_HOLE, xss:TRUE);
VendorProductVersionCPE
mozillathunderbirdcpe:/a:mozilla:thunderbird

References

Related

nessus 50
openvas 66
securityvulns 1
suse 6
freebsd 1
ubuntu 5
veracode 4
redhat 3
centos 3
oraclelinux 2
mozilla 9
fedora 3
metasploit 1
ibm 2
checkpoint_advisories 1
zdt 2
exploitdb 1
prion 11
cvelist 7
cve 8
seebug 3
ubuntucve 8
gentoo 1
zdi 1
nessus
nessus
Thunderbird < 17.0.2 Multiple Vulnerabilities (Mac OS X)
2013-01-15 00:00:00
Firefox 10.x < 10.0.12 Multiple Vulnerabilities
2013-01-15 00:00:00
Mozilla Thunderbird < 17.0.2 Multiple Vulnerabilities
2013-01-15 00:00:00
openvas
openvas
Ubuntu Update for firefox USN-1681-1
2013-01-11 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:0049-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:0048-1)
2021-06-09 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-01-10 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2013-02-13 23:04:32
Security update for MozillaFirefox (important)
2013-01-18 19:04:49
Security update for MozillaFirefox (important)
2013-01-18 20:04:36
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-01-08 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2013-01-09 00:00:00
Firefox regression
2013-02-05 00:00:00
Firefox vulnerabilities
2013-01-09 00:00:00
veracode
veracode
Memory Corruption
2019-05-02 04:45:41
Out-Of-Bounds Read
2019-05-02 04:45:40
Use-After-Free
2019-05-02 04:45:40
redhat
redhat
(RHSA-2013:0144) Critical: firefox security update
2013-01-08 00:00:00
(RHSA-2013:0145) Critical: thunderbird security update
2013-01-08 00:00:00
(RHSA-2013:0213) Important: nss, nss-util, and nspr security, bug fix, and enhancement update
2013-01-31 00:00:00
centos
centos
firefox, xulrunner security update
2013-01-09 05:51:05
thunderbird security update
2013-01-09 05:51:41
nspr, nss security update
2013-02-01 00:52:44
oraclelinux
oraclelinux
firefox security update
2013-01-08 00:00:00
thunderbird security update
2013-01-08 00:00:00
mozilla
mozilla
Use-after-free and buffer overflow issues found using Address Sanitizer β€” Mozilla
2013-01-08 00:00:00
Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2) β€” Mozilla
2013-01-08 00:00:00
Chrome Object Wrapper (COW) bypass through changing prototype β€” Mozilla
2013-01-08 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: seamonkey-2.15.1-1.fc17
2013-02-02 04:21:54
[SECURITY] Fedora 16 Update: seamonkey-2.15.1-1.fc16
2013-02-02 04:26:35
[SECURITY] Fedora 18 Update: seamonkey-2.15.1-1.fc18
2013-01-26 15:59:50
metasploit
metasploit
Firefox 17.0.1 Flash Privileged Code Injection
2013-05-16 04:52:51
ibm
ibm
Security Bulletin: Storwize V7000 Unified Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox Flash Privileged Code Injection (CVE-2013-0757; CVE-2013-0758)
2013-06-27 00:00:00
zdt
zdt
Mozilla Firefox < 17.0.1 - Flash Privileged Code Injection Exploit
2017-03-23 00:00:00
GIT 1.8.5.6 / 1.9.5 / 2.0.5 / 2.1.4/ 2.2.1 & Mercurial < 3.2.3 - Exploit
2017-03-23 00:00:00
exploitdb
exploitdb
Mozilla Firefox &lt; 17.0.1 - Flash Privileged Code Injection (Metasploit)
2013-01-08 00:00:00
prion
prion
Design/Logic Flaw
2013-01-13 20:55:00
Design/Logic Flaw
2013-01-13 20:55:00
Design/Logic Flaw
2013-01-13 20:55:00
cvelist
cvelist
CVE-2013-0745
2013-01-13 20:00:00
CVE-2012-0745
2012-05-04 16:00:00
CVE-2013-0766
2013-01-13 20:00:00
cve
cve
CVE-2013-0745
2013-01-13 20:55:00
CVE-2012-0745
2012-05-04 16:55:00
CVE-2013-0744
2013-01-13 20:55:00
seebug
seebug
IBM AIX 'getpwnam()'ζœ¬εœ°ζƒι™ζε‡ζΌζ΄ž(CVE-2012-0745)
2012-05-15 00:00:00
Mozilla Firefox mozilla::TrackUnionStream::EndTrackε †ι‡Šζ”ΎεŽι‡η”¨ζΌζ΄ž
2013-01-10 00:00:00
Mozilla Firefox Mesaε †ι‡Šζ”ΎεŽι‡η”¨ζΌζ΄ž
2013-01-10 00:00:00
ubuntucve
ubuntucve
CVE-2013-0761
2013-01-09 00:00:00
CVE-2013-0757
2013-01-09 00:00:00
CVE-2013-0768
2013-01-09 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-09-27 00:00:00
zdi
zdi
Mozilla Firefox String Replacement Heap Corruption Remote Code Execution Vulnerability
2013-02-01 00:00:00
JSON
Related for MOZILLA_THUNDERBIRD_1702.NASL
nessus50openvas66securityvulns1suse6freebsd1ubuntu5veracode4redhat3centos3oraclelinux2mozilla9fedora3metasploit1ibm2checkpoint_advisories1zdt2exploitdb1prion11cvelist7cve8seebug3ubuntucve8gentoo1zdi1