CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.4%
The remote host has a email client installed that is vulnerable to multiple attack vectors.
Versions of Thunderbird 8.0 are potentially affected by the following security issues :
An out-of-bounds memory access error exists in the βSVGβ implementation and can be triggered when βSVGβ elements are removed during a βDOMAttrModifiedβ event handler. (CVE-2011-3658)
Various memory safety errors exist that can lead to memory corruption and possible code execution. (CVE-2011-3660)
An error exists in the βYARRβ regular expression library that can cause application crashers when handling certain JavaScript statements. (CVE-2011-3661)
It is possible to detect keystrokes using βSVGβ animation βaccesskeyβ events even when JavaScript is disabled. (CVE-2011-3663)
AN error exists related to plugins that can allow a null pointer to be dereferenced when a plugin deletes its containing DOM frame during a call from that frame. It may be possible for a non-null pointer to be dereferenced thereby opening up the potential for further exploitation. (CVE-2011-3664)
It is possible to crash the application when βOGGβ βvideoβ elements are scaled to extreme sizes. (CVE-2011-3665)
Binary data 801222.prm
.mozilla.org/security/announce/2011/mfsa2011-53.html
.mozilla.org/security/announce/2011/mfsa2011-54.html
.mozilla.org/security/announce/2011/mfsa2011-55.html
.mozilla.org/security/announce/2011/mfsa2011-56.html
.mozilla.org/security/announce/2011/mfsa2011-57.html
.mozilla.org/security/announce/2011/mfsa2011-58.html
.mozilla.org/security/known-vulnerabilities/thunderbird.html#thunderbird9
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3658
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3660
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3661
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3663
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3664
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3665