| Description: | Description:
Overview: The host is installed with Thunderbird, which is prone to multiple
vulnerabilities.
Vulnerability Insight:
- Error in js/src/xpconnect/src/xpcwrappedjsclass.cpp file will allow attacker
to execute arbitrary web script.
- An error when handling a non-200 response returned by a proxy in reply to a
CONNECT request, which could cause the body of the response to be rendered
within the context of the request 'Host:' header.
- An error when handling event listeners attached to an element whose owner
document is null.
- Due to content-loading policies not being checked before loading external
script files into XUL documents, which could be exploited to bypass
restrictions.
- An error when handling event listeners attached to an element whose owner
document is null.
- Error exists in JavaScript engine is caused via vectors related to
js_LeaveSharpObject, ParseXMLSource, and a certain assertion in jsinterp.c.
- Error exists via vectors involving 'double frame construction.'
Impact:
Successful exploitation could result in remote arbitrary JavaScript code
execution, spoofing attacks, sensitive information disclosure, and can cause
denial of service.
Impact Level: System/Application
Affected Software/OS:
Thunderbire version prior to 2.0.0.22 on Windows.
Fix: Upgrade to Firefox version 2.0.0.22
http://www.mozilla.com/en-US/thunderbird/all.html
References:
http://www.vupen.com/english/advisories/2009/1572
http://www.mozilla.org/security/announce/2009/mfsa2009-24.html
http://www.mozilla.org/security/announce/2009/mfsa2009-27.html
http://www.mozilla.org/security/announce/2009/mfsa2009-29.html
http://www.mozilla.org/security/announce/2009/mfsa2009-31.html
http://www.mozilla.org/security/announce/2009/mfsa2009-32.html
CVSS Score:
9.3
CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
