TITLE:
Mozilla Thunderbird Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA21228
VERIFY ADVISORY:
http://secunia.c
om/advisories/21228/
CRITICAL:
Highly critical
IMPACT:
DoS, System access, Cross Site Scripting
WHERE:
From remote
SOFTWARE:
Mozilla Thunderbird 0.x
http://secunia.com/p
roduct/2637/
Mozilla Thunderbird 1.0.x
http://secunia.com/p
roduct/9735/
Mozilla Thunderbird 1.5.x
http://secunia.com/p
roduct/4652/
DESCRIPTION:
Multiple vulnerabilities have been reported in Mozilla
Thunderbird,
which can be exploited by malicious people to conduct
cross-site
scripting attacks and compromise a user's system.
For more information, see vulnerabilities #1, #3, #4, #5,
#6,
#7, #9,
#10, and #11:
http://secunia.c
om/advisories/19873/
Successful exploitation of these vulnerabilities requires
that
JavaScript is enabled in mails (not default setting).
A boundary error has also been reported in the handling of
VCard
attachments. This can be exploited to cause a heap-based
buffer
overflow via a malicious VCard with a specially crafted
base64
field
that causes a crash and may allow execution of arbitrary
code.
SOLUTION:
Update to version 1.5.0.5.
ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/2006/mfsa
2006-49.html
OTHER REFERENCES:
SA19783:
http://secunia.c
om/advisories/19873/
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|