Rapid7 Vulnerability & Exploit Database

USN-1430-3: Thunderbird vulnerabilities

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

USN-1430-3: Thunderbird vulnerabilities

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

04/25/2012

Created

07/25/2018

Added

05/06/2013

Modified

07/09/2020

Description

Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (invalid gfxImageSurface free operation) or possibly execute arbitrary code by leveraging the use of "different number systems."

Solution(s)

ubuntu-upgrade-thunderbird

References

https://attackerkb.com/topics/cve-2011-1187
46785
53219
53220
53221
53223
53224
53225
53227
53228
53229
53230
53231
CVE - 2011-1187
CVE - 2011-3062
CVE - 2012-0467
CVE - 2012-0468
CVE - 2012-0469
CVE - 2012-0470
CVE - 2012-0471
CVE - 2012-0473
CVE - 2012-0474
CVE - 2012-0475
CVE - 2012-0477
CVE - 2012-0478
CVE - 2012-0479
80740
OVAL14369
OVAL15488
OVAL16107
OVAL16113
OVAL16279
OVAL16734
OVAL16771
OVAL16889
OVAL16893
OVAL16961
OVAL16989
OVAL17011
OVAL17074
USN-1430-3
65951
74412
75155

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;