Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Mozilla Thunderbird ESR Multiple Vulnerabilities - June 13 (Windows)

Information

Severity

Severity

Critical

Family

Family

General

CVSSv2 Base

CVSSv2 Base

10.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

10 years ago

Modified

Modified

5 years ago

Summary

The host is installed with Mozilla Thunderbird ESR and is prone to multiple vulnerabilities.

Insight

Insight

Multiple flaws due to, - PreserveWrapper does not handle lack of wrapper. - Error in processing of SVG format images with filters to read pixel values. - Does not prevent inclusion of body data in XMLHttpRequest HEAD request. - Multiple unspecified vulnerabilities in the browser engine. - Does not properly handle onreadystatechange events in conjunction with page reloading. - System Only Wrapper (SOW) and Chrome Object Wrapper (COW), does not restrict XBL user-defined functions. - Use-after-free vulnerability in 'nsIDocument::GetRootElement' and 'mozilla::dom::HTMLMediaElement::LookupMediaElementURITable' functions. - XrayWrapper does not properly restrict use of DefaultValue for method calls.

Affected Software

Affected Software

Thunderbird ESR versions 17.x before 17.0.7 on Windows

Solution

Solution

Upgrade to Thunderbird ESR 17.0.7 or later.