Mozilla Thunderbird Memory Corruption Vulnerabilities July-09 (Win) Network Vulnerability

Summary

The host is installed with Thunderbird and is prone to Remote Code Execution vulnerabilities.

Impact

Successful exploitation could allow remote attacker to execute arbitrary code, memory corruption, and results in Denial of Service condition. Impact Level: System/Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

The flaws are due to error in browser engine which can be exlpoited via some of the known vectors and unspecified vectors.

Affected

Mozilla Thunderbird version 2.0.0.22 and prior on Windows.

References

http://secunia.com/advisories/35914
http://www.mozilla.org/security/announce/2009/mfsa2009-34.html
http://www.vupen.com/english/advisories/2009/1972

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

7-Zip Unspecified Archive Handling Vulnerability (Win)
ClamAV Denial of Service Vulnerability (Win)
CUPS IPP Use-After-Free Denial of Service Vulnerability
Check for RealServer DoS
Freeciv Multiple Remote Denial Of Service Vulnerabilities

Take action and discover your vulnerabilities