SECUNIA ADVISORY ID: SA23420
VERIFY ADVISORY: http://secunia.com/advisories/23420/
CRITICAL: Highly critical
IMPACT: Cross Site Scripting, DoS, System access
SOFTWARE:
Mozilla Thunderbird 1.0.x - http://secunia.com/product/9735/
Mozilla Thunderbird 1.5.x - http://secunia.com/product/4652/
DESCRIPTION: Multiple vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to conduct cross-site scripting attacks and potentially compromise a user's system.
See vulnerabilities #1 through #6 for more information: SA23282
The following two vulnerabilities have also been reported:
1) A boundary error within the processing of mail headers can be exploited to cause a heap-based buffer overflow via an overly long "Content-Type" header in an external message body.
2) A boundary error within the processing of rfc2047-encoded headers can be exploited to cause a heap-based buffer overflow.
SOLUTION: Update to version 1.5.0.9.
PROVIDED AND/OR DISCOVERED BY:
1) Georgi Guninski
2) David Bienvenu
ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2006/mfsa2006-74.html
OTHER REFERENCES: SA23282: http://secunia.com/advisories/23282/
Mozilla Thunderbird Multiple Vulnerabilities
Posted on Wednesday, December 20, 2006 @ 16:01:08 CST in Security
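Added example, not part of the Secunia advisory or Mozilla's code: a gateway-side check for item 1 that walks a message's MIME parts and reports any message/external-body part whose encapsulated "Content-Type" header exceeds a length limit. The 256-character limit, the function names and the sample message are assumptions constructed for illustration; the advisory does not state a length.

```python
import email
from email.message import Message

# Assumed local policy limit; the advisory does not state a length.
MAX_CONTENT_TYPE_LEN = 256

def long_external_body_headers(raw, limit=MAX_CONTENT_TYPE_LEN):
    """Return (part_index, length) for every message/external-body part whose
    encapsulated Content-Type header value is longer than `limit`."""
    findings = []
    for index, part in enumerate(email.message_from_string(raw).walk()):
        if part.get_content_type() != "message/external-body":
            continue
        payload = part.get_payload()
        # The stdlib parser exposes the encapsulated header block as a
        # nested Message object (first element of the payload list).
        inner = payload[0] if isinstance(payload, list) and payload else None
        if not isinstance(inner, Message):
            continue
        for value in inner.get_all("Content-Type", []):
            if len(str(value)) > limit:
                findings.append((index, len(str(value))))
    return findings

def constructed_sample(inner_ctype):
    """Build a constructed test message; addresses and names are made up."""
    return "\n".join([
        "From: sender@example.test",
        "Subject: constructed sample",
        "MIME-Version: 1.0",
        'Content-Type: multipart/mixed; boundary="b1"',
        "",
        "--b1",
        "Content-Type: text/plain",
        "",
        "hello",
        "--b1",
        'Content-Type: message/external-body; access-type=local-file; name="sample.bin"',
        "",
        "Content-Type: " + inner_ctype,
        "Content-ID: <1@example.test>",
        "",
        "--b1--",
        "",
    ])
```

The part index in each finding is the position in depth-first MIME order, so a quarantine rule can point at the exact part while unpatched clients are still in use.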