nessus | Tenable | 8879.PRM
Sep 22, 2015 - 12:00 a.m.

Mozilla Thunderbird < 38.1 Multiple Vulnerabilities (Logjam)

2015-09-22 00:00:00
Tenable
www.tenable.com

CVSS2: 10

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 3.7

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: LOW
  • Availability Impact: NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS: 0.974 (Percentile: 99.9%)

Versions of Mozilla Thunderbird prior to 38.1 are outdated and thus unpatched for the following vulnerabilities:

  • A security downgrade vulnerability exists due to a flaw in Network Security Services (NSS). When a client allows for an ECDHE_ECDSA exchange, but the server does not send a ServerKeyExchange message, the NSS client will take the EC key from the ECDSA certificate. A remote attacker can exploit this to silently downgrade the exchange to a non-forward secret mixed-ECDH exchange. (CVE-2015-2721)
  • Multiple memory corruption issues exist that allow an attacker to cause a denial of service condition or potentially execute arbitrary code. (CVE-2015-2724, CVE-2015-2725)
  • A use-after-free error exists in the ‘CSPService::ShouldLoad()’ function when modifying the Document Object Model to remove a DOM object. An attacker can exploit this to dereference already freed memory, potentially resulting in the execution of arbitrary code. (CVE-2015-2731)
  • An uninitialized memory use issue exists in the ‘CairoTextureClientD3D9::BorrowDrawTarget()’ function, the ‘::d3d11::SetBufferData()’ function, and the ‘YCbCrImageDataDeserializer::ToDataSourceSurface()’ function. The impact is unspecified. (CVE-2015-2734, CVE-2015-2737, CVE-2015-2738)
  • A memory corruption issue exists in the ‘nsZipArchive::GetDataOffset()’ function due to improper string length checks. An attacker can exploit this, via a crafted ZIP archive, to potentially execute arbitrary code. (CVE-2015-2735)
  • A memory corruption issue exists in the ‘nsZipArchive::BuildFileList()’ function due to improper validation of user-supplied input. An attacker can exploit this, via a crafted ZIP archive, to potentially execute arbitrary code. (CVE-2015-2736)
  • An unspecified memory corruption issue exists in the ‘ArrayBufferBuilder::append()’ function due to improper validation of user-supplied input. An attacker can exploit this to potentially execute arbitrary code. (CVE-2015-2739)
  • A buffer overflow condition exists in the ‘nsXMLHttpRequest::AppendToResponseText()’ function due to improper validation of user-supplied input. An attacker can exploit this to potentially execute arbitrary code. (CVE-2015-2740)
  • A security bypass vulnerability exists due to a flaw in certificate pinning checks. Key pinning is not enforced upon encountering an X.509 certificate problem that generates a user dialog. A man-in-the-middle attacker can exploit this to bypass intended access restrictions. (CVE-2015-2741)
  • A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)

Vendor | Product | Version | CPE
mozilla | thunderbird | | cpe:/a:mozilla:thunderbird
