Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Mozilla Thunderbird Multiple Vulnerability July-08 (Linux)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The host is installed with Mozilla Thunderbird, that is prone to multiple vulnerabilities.
Insight
Insight
The issues are due to, - multiple errors in the layout and JavaScript engines that can corrupt memory. - error while handling unprivileged XUL documents that can be exploited to load chrome scripts from a fastload file via <script> elements. - error in mozIJSSubScriptLoader.LoadScript function that can bypass XPCNativeWrappers. - error in block re-flow process, which can potentially lead to crash. - errors in the implementation of the Javascript same origin policy - error in processing of Alt Names provided by peer. - error in processing of windows URL shortcuts.
Affected Software
Affected Software
Thunderbird version prior to 2.0.0.16 on Linux.
Solution
Solution
Upgrade to Thunderbird version 2.0.0.16.
Common Vulnerabilities and Exposures (CVE)
References
- http://www.mozilla.org/security/announce/2008/mfsa2008-21.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-24.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-25.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-29.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-31.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-33.html