Mozilla Thunderbird contains many flaw that may allow a denial of service. When a major version of Thunderbird is released, the vendor includes a lengthy list of issues fixed. Among these are a wide variety of crashes in the mail client, some that initially show signs of memory corruption or exploitable overflows. In many cases, the issues are not fully examined, or examined and found not to allow for privilege escalation. Due to the large number of crash conditions, many of which could be leveraged as a remote or context-dependent denial of service, they are all included in one entry, grouped by major version. The bug reports attached to this entry provides a concise list of crash reports and other behavior that could represent DoS conditions. Note that not all of these are necessarily exploitable, even for a DoS, as the attack vector may be too severely limited. These issues were reported by a wide variety of people, too numerous to list in the creditee section.

Upgrade to version 16 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Vendor Specific News/Changelog Entry: http://www.mozilla.org/en-US/thunderbird/16.0/releasenotes/buglist.html
  https://bugzilla.mozilla.org/show_bug.cgi?id=751544
  https://bugzilla.mozilla.org/show_bug.cgi?id=752768
  https://bugzilla.mozilla.org/show_bug.cgi?id=783479
  https://bugzilla.mozilla.org/show_bug.cgi?id=790234
  https://bugzilla.mozilla.org/show_bug.cgi?id=795707

• Patrick Brunschwig
• Ludovic Hirlimann
• Makoto Kato
• Wayne Mery
• Mark Banner

NVD does not currently have a CVSSv2 score assigned.