Test ID:	1.3.6.1.4.1.25623.1.0.809348
Category:	General
Title:	Mozilla Thunderbird Security Advisories (MFSA2017-05, MFSA2017-07) - Mac OS X
Summary:	Mozilla Thunderbird is prone to multiple vulnerabilities.
Description:	Summary: Mozilla Thunderbird is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - asm.js JIT-spray bypass of ASLR and DEP. - Memory Corruption when handling ErrorResult. - Use-after-free working with events in FontFace objects. - Use-after-free using addRange to add range to an incorrect root object. - Use-after-free working with ranges in selections. - Segmentation fault in Skia with canvas operations. - Pixel and history stealing via floating-point timing side channel with SVG filters. - Memory corruption during JavaScript garbage collection incremental sweeping. - Use-after-free in Buffer Storage in libGLES. - File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service. - Cross-origin reading of video captions in violation of CORS. - Buffer overflow read in SVG filters. - Segmentation fault during bidirectional operations. - File picker can choose incorrect default directory. - Addressbar spoofing through blob URL. - Null dereference crash in HttpChannel. - Addressbar spoofing by dragging and dropping URLs. - Overly permissive Gecko Media Plugin sandbox regular expression access. - Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running. - Non-existent chrome.manifest file loaded during startup. - Out of bounds read when parsing HTTP digest authorization responses. - Repeated authentication prompts lead to DOS attack. - Javascript: URLs can obfuscate addressbar location. - FTP response codes can cause use of uninitialized values for ports. - Print preview spoofing. - DOS attack by using view-source: protocol repeatedly in one hyperlink. Vulnerability Impact: Successful exploitation will allow attackers to execute arbitrary code, to delete arbitrary files by leveraging certain local file execution, to obtain sensitive information, and to cause a denial of service. Affected Software/OS: Mozilla Thunderbird version before 45.8 on Mac OS X. Solution: Upgrade to Mozilla Thunderbird 45.8 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-5400 BugTraq ID: 96654 http://www.securityfocus.com/bid/96654 Debian Security Information: DSA-3805 (Google Search) https://www.debian.org/security/2017/dsa-3805 Debian Security Information: DSA-3832 (Google Search) https://www.debian.org/security/2017/dsa-3832 https://security.gentoo.org/glsa/201705-06 https://security.gentoo.org/glsa/201705-07 RedHat Security Advisories: RHSA-2017:0459 http://rhn.redhat.com/errata/RHSA-2017-0459.html RedHat Security Advisories: RHSA-2017:0461 http://rhn.redhat.com/errata/RHSA-2017-0461.html RedHat Security Advisories: RHSA-2017:0498 http://rhn.redhat.com/errata/RHSA-2017-0498.html http://www.securitytracker.com/id/1037966 Common Vulnerability Exposure (CVE) ID: CVE-2017-5401 BugTraq ID: 96677 http://www.securityfocus.com/bid/96677 Common Vulnerability Exposure (CVE) ID: CVE-2017-5402 BugTraq ID: 96664 http://www.securityfocus.com/bid/96664 Common Vulnerability Exposure (CVE) ID: CVE-2017-5404 https://www.exploit-db.com/exploits/41660/ Common Vulnerability Exposure (CVE) ID: CVE-2017-5407 BugTraq ID: 96693 http://www.securityfocus.com/bid/96693 Common Vulnerability Exposure (CVE) ID: CVE-2017-5410 Common Vulnerability Exposure (CVE) ID: CVE-2017-5408 Common Vulnerability Exposure (CVE) ID: CVE-2017-5405 Common Vulnerability Exposure (CVE) ID: CVE-2017-5398 BugTraq ID: 96651 http://www.securityfocus.com/bid/96651
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.