CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.8%
Thunderbird 6.0 is potentially affected by multiple vulnerabilities :
If an attacker could trick a user into holding down the βEnterβ key, via a malicious game, for example, a malicious application or extension could be downloaded or executed. (CVE-2011-2372, CVE-2011-3001)
Unspecified errors exist that can be exploited to corrupt memory. No additional information is avialable at this time. (CVE-2011-2995, CVE-2011-2997)
A weakness exists when handling the βLocationβ header. This can lead to response splitting attacks when visiting a vulnerable web server. The same fix has been applied to the headers βContent-Lengthβ and 'Content-Disposition. (CVE-2011-3000)
A use-after-free error exists when parsing OGG headers. (CVE-2011-3005)
There is an unspecified error within the YARR regular expression library that can be exploited to corrupt memory. (CVE-2011-3232)
Binary data 801344.prm
.mozilla.org/security/announce/2011/mfsa2011-36.html
.mozilla.org/security/announce/2011/mfsa2011-39.html
.mozilla.org/security/announce/2011/mfsa2011-40.html
.mozilla.org/security/announce/2011/mfsa2011-42.html
.mozilla.org/security/announce/2011/mfsa2011-44.html
.mozilla.org/security/known-vulnerabilities/thunderbird.html#thunderbird7
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2372
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2995
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2997
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3000
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3001
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3005
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3232