TITLE: Thunderbird Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA20382
VERIFY ADVISORY: http://secunia.com/advisories/20382/
CRITICAL: Highly critical
IMPACT: Security Bypass, Cross Site Scripting, System access
WHERE: >From remote
SOFTWARE:
Mozilla Thunderbird 0.x
http://secunia.com/product/2637/
Mozilla Thunderbird 1.0.x
http://secunia.com/product/9735/
Mozilla Thunderbird 1.5.x
http://secunia.com/product/4652/
DESCRIPTION: Multiple vulnerabilities have been reported in Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and HTTP response smuggling attacks, and potentially compromise a user's system. For more information, see vulnerabilities #1, #2, #3, #5, #6, #7, and #9 in: SA20376. Successful exploitation of some of the vulnerabilities requires that JavaScript is enabled (not enabled by default).
The following vulnerability has also been reported: The vulnerability is caused due to a double-free error within the processing of large VCards with invalid base64 characters. This may be exploited to execute arbitrary code.
SOLUTION: Update to version 1.5.0.4.
http://www.mozilla.com/thunderbird/
PROVIDED AND/OR DISCOVERED BY: Masatoshi Kimura
ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2006/mfsa2006-40.html
OTHER REFERENCES: SA20376: http://secunia.com/advisories/20376/
Thunderbird Multiple Vulnerabilities - Highly CriticalPosted on Friday, June 02, 2006 @ 09:03:58 CDT in Security |
Related
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
