Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Mozilla Thunderbird Security Updates(mfsa_2017-05_2017-07)-MAC OS X
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
This host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities.
Insight
Insight
The multiple flaws exist due to, - asm.js JIT-spray bypass of ASLR and DEP. - Memory Corruption when handling ErrorResult. - Use-after-free working with events in FontFace objects. - Use-after-free using addRange to add range to an incorrect root object. - Use-after-free working with ranges in selections. - Segmentation fault in Skia with canvas operations. - Pixel and history stealing via floating-point timing side channel with SVG filters. - Memory corruption during JavaScript garbage collection incremental sweeping. - Use-after-free in Buffer Storage in libGLES. - File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service. - Cross-origin reading of video captions in violation of CORS. - Buffer overflow read in SVG filters. - Segmentation fault during bidirectional operations. - File picker can choose incorrect default directory. - Addressbar spoofing through blob URL. - Null dereference crash in HttpChannel. - Addressbar spoofing by dragging and dropping URLs. - Overly permissive Gecko Media Plugin sandbox regular expression access. - Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running. - Non-existent chrome.manifest file loaded during startup. - Out of bounds read when parsing HTTP digest authorization responses. - Repeated authentication prompts lead to DOS attack. - Javascript: URLs can obfuscate addressbar location. - FTP response codes can cause use of uninitialized values for ports. - Print preview spoofing. - DOS attack by using view-source: protocol repeatedly in one hyperlink.
Affected Software
Affected Software
Mozilla Thunderbird version before 45.8 on MAC OS X.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Upgrade to Mozilla Thunderbird 45.8 or later.