Mozilla Thunderbird Security Updates(mfsa_2017-05_2017-07)-MAC OS X

Information

Severity

Critical

Family

General

CVSSv2 Base

10.0

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Vendor Patch

Created

7 years ago

Modified

5 years ago

Summary

Mozilla Thunderbird is installed on this host and is prone to multiple vulnerabilities.

Insight

Multiple flaws exist due to:

- asm.js JIT-spray bypass of ASLR and DEP.
- Memory corruption when handling ErrorResult.
- Use-after-free working with events in FontFace objects.
- Use-after-free using addRange to add range to an incorrect root object.
- Use-after-free working with ranges in selections.
- Segmentation fault in Skia with canvas operations.
- Pixel and history stealing via floating-point timing side channel with SVG filters.
- Memory corruption during JavaScript garbage collection incremental sweeping.
- Use-after-free in Buffer Storage in libGLES.
- File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service.
- Cross-origin reading of video captions in violation of CORS.
- Buffer overflow read in SVG filters.
- Segmentation fault during bidirectional operations.
- File picker can choose incorrect default directory.
- Addressbar spoofing through blob URL.
- Null dereference crash in HttpChannel.
- Addressbar spoofing by dragging and dropping URLs.
- Overly permissive Gecko Media Plugin sandbox regular expression access.
- Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running.
- Non-existent chrome.manifest file loaded during startup.
- Out of bounds read when parsing HTTP digest authorization responses.
- Repeated authentication prompts lead to DoS attack.
- Javascript: URLs can obfuscate addressbar location.
- FTP response codes can cause use of uninitialized values for ports.
- Print preview spoofing.
- DoS attack by using view-source: protocol repeatedly in one hyperlink.

Affected Software

Mozilla Thunderbird versions before 45.8 on Mac OS X.

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Upgrade to Mozilla Thunderbird 45.8 or later.