Test ID:	1.3.6.1.4.1.25623.1.0.809395
Category:	General
Title:	Mozilla Thunderbird Security Advisories (MFSA2016-88, MFSA2016-88) - Mac OS X
Summary:	Mozilla Thunderbird is prone to multiple vulnerabilities.
Description:	Summary: Mozilla Thunderbird is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString. - Bad cast in nsImageGeometryMixin. - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList. - Use-after-free in nsFrameManager::CaptureFrameState. - Use-after-free in DOMSVGLength. - Heap-use-after-free in nsRefreshDriver::Tick. - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame. - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap. - Add-on update site certificate pin expiration. - Resource Timing API is storing resources sent by the previous page. Vulnerability Impact: Successful exploitation of this vulnerability will allow remote attackers to cause denial of service, to get a mis-issued certificate for a Mozilla web sit could send malicious add-on updates to users on networks controlled by the attacker, to get potential information, also allows to run arbitrary code. Affected Software/OS: Mozilla Thunderbird versions before 45.4. Solution: Update to version 45.4 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5270 BugTraq ID: 93049 http://www.securityfocus.com/bid/93049 Debian Security Information: DSA-3674 (Google Search) http://www.debian.org/security/2016/dsa-3674 https://security.gentoo.org/glsa/201701-15 RedHat Security Advisories: RHSA-2016:1912 http://rhn.redhat.com/errata/RHSA-2016-1912.html http://www.securitytracker.com/id/1036852 Common Vulnerability Exposure (CVE) ID: CVE-2016-5272 Common Vulnerability Exposure (CVE) ID: CVE-2016-5276 Common Vulnerability Exposure (CVE) ID: CVE-2016-5274 Common Vulnerability Exposure (CVE) ID: CVE-2016-5277 Common Vulnerability Exposure (CVE) ID: CVE-2016-5278 Common Vulnerability Exposure (CVE) ID: CVE-2016-5280 Common Vulnerability Exposure (CVE) ID: CVE-2016-5284 https://hackernoon.com/tor-browser-exposed-anti-privacy-implantation-at-mass-scale-bd68e9eb1e95 http://seclists.org/dailydave/2016/q3/51 Common Vulnerability Exposure (CVE) ID: CVE-2016-5250 BugTraq ID: 92260 http://www.securityfocus.com/bid/92260 http://www.securitytracker.com/id/1036508 SuSE Security Announcement: openSUSE-SU-2016:1964 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html SuSE Security Announcement: openSUSE-SU-2016:2026 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html http://www.ubuntu.com/usn/USN-3044-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-5257 Debian Security Information: DSA-3690 (Google Search) http://www.debian.org/security/2016/dsa-3690 RedHat Security Advisories: RHSA-2016:1985 http://rhn.redhat.com/errata/RHSA-2016-1985.html Common Vulnerability Exposure (CVE) ID: CVE-2016-5281 http://www.geeknik.net/7gr1u98b9
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.