Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusTenable6560.PRM
HistoryAug 30, 2012 - 12:00 a.m.

Mozilla Thunderbird < 15.0 Multiple Vulnerabilities

2012-08-3000:00:00
Tenable
www.tenable.com
14

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.217

Percentile

96.5%

JSON

Versions of Mozilla Thunderbird prior to 15.0 are affected by the following security issues :

  • An error exists related to β€˜Object.defineProperty’ and the location object that could allow cross-site scripting attacks. (CVE-2012-1956)
  • Unspecified memory safety issues exist. (CVE-2012-1970, CVE-2012-1971)
  • Multiple use-after-free errors exist. (CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964)
  • An error exists related to bitmap (BMP) and icon (ICO) file decoding that can lead to memory corruption, causing application crashes and potentially arbitrary code execution. (CVE-2012-3966)
  • A use-after-free error exists related to WebGL shaders. (CVE-2012-3968)
  • A buffer overflow exists related to SVG filters. (CVE-2012-3969)
  • A use-after-free error exists related to elements having β€˜requiredFeatures’ attributes. (CVE-2012-3970)
  • A β€˜Graphite 2’ library memory corruption error exists. (CVE-2012-3971)
  • An XSLT out-of-bounds read error exists related to β€˜format-number’. (CVE-2012-3972)
  • The installer can be tricked into running unauthorized executables. (CVE-2012-3974)
  • The DOM parser can unintentionally load linked resources in extensions. (CVE-2012-3975)
  • Security checks related to location objects can be bypassed if crafted calls are made to the browser chrome code. (CVE-2012-3978)
  • Calling β€˜eval’ in the web console can allow injected code to be executed with browser chrome privileges. (CVE-2012-3980)
Binary data 6560.prm

References

Related

nessus 37
openvas 70
ubuntu 4
redhat 2
oraclelinux 2
mozilla 7
veracode 20
suse 4
debian 3
osv 3
centos 2
securityvulns 1
freebsd 1
ibm 2
ubuntucve 10
prion 7
nvd 7
cve 8
cvelist 8
seebug 1
nessus
nessus
Thunderbird < 15.0 Multiple Vulnerabilities (Mac OS X)
2012-08-29 00:00:00
Mozilla Thunderbird < 15.0 Multiple Vulnerabilities
2012-08-29 00:00:00
Mozilla Thunderbird 14.x <= 14 Multiple Vulnerabilities
2012-08-30 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-1551-1)
2012-09-04 00:00:00
Ubuntu Update for thunderbird USN-1551-1
2012-09-04 00:00:00
Mandriva Update for mozilla-thunderbird MDVSA-2012:147 (mozilla-thunderbird)
2012-08-30 00:00:00
ubuntu
ubuntu
Thunderbird regressions
2012-09-28 00:00:00
Firefox vulnerabilities
2012-08-29 00:00:00
Thunderbird vulnerabilities
2012-08-30 00:00:00
redhat
redhat
(RHSA-2012:1211) Critical: thunderbird security update
2012-08-29 00:00:00
(RHSA-2012:1210) Critical: firefox security update
2012-08-29 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2012-08-29 00:00:00
firefox security update
2012-08-29 00:00:00
mozilla
mozilla
Use-after-free issues found using Address Sanitizer β€” Mozilla
2012-08-28 00:00:00
Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7) β€” Mozilla
2012-08-28 00:00:00
SVG buffer overflow and use-after-free issues β€” Mozilla
2012-08-28 00:00:00
veracode
veracode
Memory Corruption
2019-05-02 04:42:51
Memory Corruption
2019-05-02 04:42:50
Memory Corruption
2019-05-02 04:42:50
suse
suse
MozillaFirefox: Update to version 15 (critical)
2012-08-30 12:09:32
MozillaFirefox: Update to version 15 (critical)
2012-08-30 12:09:15
Security update for Mozilla Firefox (important)
2012-09-13 01:08:39
debian
debian
[SECURITY] [DSA 2556-1] icedove security update
2012-10-07 13:13:58
[SECURITY] [DSA 2554-1] iceape security update
2012-09-26 19:00:31
[SECURITY] [DSA 2553-1] iceweasel security update
2012-09-24 17:18:25
osv
osv
iceweasel - several
2012-09-24 00:00:00
iceape - several
2012-09-26 00:00:00
icedove - several
2012-10-07 00:00:00
centos
centos
thunderbird security update
2012-08-29 12:53:01
firefox, xulrunner security update
2012-08-29 12:43:30
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-09-18 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-08-28 00:00:00
ibm
ibm
Security Bulletin: Storwize V7000 Unified V1.4.1.0 Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
ubuntucve
ubuntucve
CVE-2012-3975
2012-08-29 00:00:00
CVE-2012-3971
2012-08-29 00:00:00
CVE-2012-3980
2012-08-29 00:00:00
prion
prion
Code injection
2012-08-29 10:56:00
Integer overflow
2012-08-29 10:56:00
Memory corruption
2012-08-29 10:56:00
nvd
nvd
CVE-2012-1970
2012-08-29 10:56:39
CVE-2012-3975
2012-08-29 10:56:41
CVE-2012-3971
2012-08-29 10:56:40
cve
cve
CVE-2012-1970
2012-08-29 10:56:39
CVE-2012-3958
2012-08-29 10:56:40
CVE-2012-3974
2012-08-29 10:56:41
cvelist
cvelist
CVE-2012-3958
2012-08-29 10:00:00
CVE-2012-3966
2012-08-29 10:00:00
CVE-2012-1976
2012-08-29 10:00:00
seebug
seebug
Mozilla Firefox/Thunderbird/SeaMonkeyζœ¬εœ°δ»£η ζ‰§θ‘ŒζΌζ΄ž
2012-09-04 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.217

Percentile

96.5%

JSON
Related for 6560.PRM
nessus37openvas70ubuntu4redhat2oraclelinux2mozilla7veracode20suse4debian3osv3centos2securityvulns1freebsd1ibm2ubuntucve10prion7nvd7cve8cvelist8seebug1