Vigil@nce: Thunderbird, several vulnerabilities
July 2008 by Vigil@nce
SYNTHESIS
Several vulnerabilities were announced in Thunderbird, the worst
one leading to code execution.
Gravity: 4/4
Consequences: user access/rights
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 02/07/2008
Identifier: VIGILANCE-VUL-7924
IMPACTED PRODUCTS
– Mozilla Thunderbird [confidential versions]
DESCRIPTION
Several vulnerabilities were announced in Thunderbird.
An attacker can corrupt memory in order to execute code.
[grav:4/4; CVE-2008-2798, CVE-2008-2799, MFSA 2008-21]
An attacker can execute a Chrome script via a "fastload" file.
[grav:4/4; CVE-2008-2802, MFSA 2008-24]
An attacker can execute code via mozIJSSubScriptLoader.loadSubScript().
[grav:4/4; CVE-2008-2803, MFSA 2008-25]
An attacker can execute code when a block is redrawn.
[grav:4/4; CVE-2008-2811, MFSA 2008-33, VU#607267]
CHARACTERISTICS
Identifiers: CVE-2008-2798, CVE-2008-2799, CVE-2008-2802,
CVE-2008-2803, CVE-2008-2811, MFSA 2008-21, MFSA 2008-24,
MFSA 2008-25, MFSA 2008-33, VIGILANCE-VUL-7924, VU#607267