Lucene search
Tenable8745.PRMHistoryApr 29, 2015 - 12:00 a.m.
Mozilla Thunderbird < 31.6 Multiple Vulnerabilities
2015-04-2900:00:00
Tenable
www.tenable.com
23
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.961
Percentile
99.5%
Versions of Mozilla Thunderbird prior to 31.6 are prone to the following vulnerabilities :
- A privilege escalation vulnerability exists which relates to anchor navigation. A remote attacker can exploit this to bypass same-origin policy protections, allowing a possible execution of arbitrary scripts in a privileged context. (CVE-2015-0801)
- A cross-site request forgery (XSRF) vulnerability exists in the ‘sendBeacon()’ function due to cross-origin resource sharing (CORS) requests following 30x redirections. (CVE-2015-0807)
- A use-after-free vulnerability affects the ‘AppendElements()’ function when the Fluendo MP3 plugin for GStreamer is used. A remote attacker could exploit this to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted MP3 file. (CVE-2015-0813)
- Multiple memory safety issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and possibly execute arbitrary code. (CVE-2015-0814, CVE-2015-0815)
- A privilege escalation vulnerability exists related to documents loaded through a ‘resource:’ URL. An attacker can exploit this to load pages and execute JavaScript with elevated privileges. (CVE-2015-0816)
Binary data 8745.prm| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | thunderbird | cpe:/a:mozilla:thunderbird |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0801
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0807
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0813
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0814
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0815
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0816
www.mozilla.org/security/announce/2014/mfsa2015-30.html
www.mozilla.org/security/announce/2014/mfsa2015-31.html
www.mozilla.org/security/announce/2014/mfsa2015-33.html
www.mozilla.org/security/announce/2014/mfsa2015-37.html
www.mozilla.org/security/announce/2014/mfsa2015-40.html
Related
suse
suse
Security update for MozillaFirefox (important)
2015-04-10 17:04:55
Security update for MozillaFirefox (important)
2015-04-10 18:04:46
Update to Firefox 31.7.0esr (important)
2015-05-18 13:04:51
nessus
nessus
SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 10571)
2015-04-13 00:00:00
Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20150401)
2015-04-02 00:00:00
Debian DSA-3211-1 : iceweasel - security update
2015-04-02 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:0706-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0704-1)
2021-04-19 00:00:00
SUSE: Security Advisory for MozillaFirefox (SUSE-SU-2015:0704-1)
2015-10-16 00:00:00
debian
debian
[SECURITY] [DSA 3211-1] iceweasel security update
2015-04-01 16:10:19
[SECURITY] [DSA 3212-1] icedove security update
2015-04-02 20:35:14
[SECURITY] [DSA 3211-1] iceweasel security update
2015-04-01 16:10:19
centos
centos
firefox, xulrunner security update
2015-03-31 23:44:15
thunderbird security update
2015-04-01 14:33:26
veracode
veracode
Cross-Site Request Forgery (CSRF)
2019-05-02 05:12:57
Arbitrary Code Execution
2019-05-02 05:12:58
Denial Of Service (DoS)
2019-05-02 05:12:58
archlinux
archlinux
thunderbird: multiple issues
2015-04-04 00:00:00
firefox: multiple issues
2015-04-01 00:00:00
oraclelinux
oraclelinux
firefox security update
2015-04-01 00:00:00
thunderbird security update
2015-04-01 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2015-04-02 00:00:00
Firefox vulnerabilities
2015-04-01 00:00:00
redhat
redhat
(RHSA-2015:0771) Important: thunderbird security update
2015-04-01 00:00:00
(RHSA-2015:0766) Critical: firefox security update
2015-03-31 00:00:00
mageia
mageia
Updated firefox & thunderbird packages fix security vulnerabilities
2015-04-03 16:11:23
Updated iceape packages fix security vulnerabilities
2015-09-08 10:20:40
mozilla
mozilla
Miscellaneous memory safety hazards (rv:37.0 / rv:31.6) — Mozilla
2015-03-31 00:00:00
resource:// documents can load privileged pages — Mozilla
2015-03-31 00:00:00
Use-after-free when using the Fluendo MP3 GStreamer plugin — Mozilla
2015-03-31 00:00:00
kaspersky
kaspersky
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-03-31 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-04-08 00:00:00
nvd
nvd
prion
prion
Design/Logic Flaw
2015-04-01 10:59:00
Design/Logic Flaw
2015-04-01 10:59:00
Memory corruption
2015-04-01 10:59:00
cvelist
cvelist
cve
cve
ubuntucve
ubuntucve
zdi
zdi
(Pwn2Own) Mozilla Firefox resource: URL Remote Code Execution Vulnerability
2015-04-03 00:00:00
zdt
zdt
Firefox PDF.js Privileged Javascript Injection Exploit
2015-08-23 00:00:00
packetstorm
packetstorm
Firefox PDF.js Privileged Javascript Injection
2015-08-23 00:00:00
checkpoint_advisories
checkpoint_advisories
Firefox PDF.js Javascript Injection (CVE-2015-0802; CVE-2015-0816)
2017-08-29 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-12-30 00:00:00
kitploit
kitploit
Radamsa - A General-Purpose Fuzzer
2024-03-25 11:30:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.961
Percentile
99.5%
Related for 8745.PRM