VID |
28903 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The version of Mozilla Thunderbird installed on the remote Windows host is prior to 52.5.2. It is, therefore, affected by multiple vulnerabilities.
- CVE-2017-7845: Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9
- CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin
- CVE-2017-7847: Local path string can be leaked from RSS feed
- CVE-2017-7848: RSS Feed vulnerable to new line Injection
- CVE-2017-7829: Mailsploit part 1: From address with encoded null character is cut off in message header display
* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If this condition is not met, the check will not be performed, resulting in a false negative for all vulnerable hosts.
* References: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/
* Platforms Affected: Mozilla Foundation, Thunderbird versions prior to 52.5.2; Any operating system, Any version |
Recommendation |
Upgrade to the latest version of Thunderbird (52.5.2 or later), available from the Mozilla Web site at http://www.mozilla.com/thunderbird/ |
Related URL |
CVE-2017-7845,CVE-2017-7846,CVE-2017-7847,CVE-2017-7848,CVE-2017-7829 (CVE) |
Related URL |
101832 (SecurityFocus) |
Related URL |
(ISS) |
|