Mozilla Thunderbird Memory Corruption Vulnerabilities July-09 (Linux) Network Vulnerability

Summary

The host is installed with Thunderbird and is prone to Remote Code Execution vulnerabilities.

Impact

Successful exploitation could allow remote attacker to execute arbitrary code, memory corruption, and results in Denial of Service condition. Impact Level:System/Application

Solution

Upgrade to Mozilla Thunderbird version 3 or later, For updates refer to http://www.mozilla.com/

Insight

The flaws are due to error in browser engine which can be exlpoited via some of the known vectors and unspecified vectors.

Affected

Mozilla Thunderbird version 2.0.0.22 and prior on Linux.

References

http://secunia.com/advisories/35914
http://www.mozilla.org/security/announce/2009/mfsa2009-34.html
http://www.vupen.com/english/advisories/2009/1972

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Windows)
CesarFTP MKD Command Buffer Overflow
EMC Data Protection Advisor NULL Pointer Dereference Denial of Service Vulnerability
freeSSHd SFTP 'rename' and 'realpath' Remote DoS Vulnerability
Apple QuickTime Malformed .mov File Buffer Overflow Vulnerability

Take action and discover your vulnerabilities