TITLE:
Mozilla Thunderbird Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA21939
VERIFY ADVISORY:
http://secunia.com/advisories/21939/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, DoS, System access
WHERE:
From remote
SOFTWARE:
Mozilla Thunderbird 1.5.x
http://secunia.com/product/4652/
Mozilla Thunderbird 1.0.x
http://secunia.com/product/9735/
Mozilla Thunderbird 0.x
http://secunia.com/product/2637/
DESCRIPTION:
Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to conduct man-in-the-middle attacks, bypass certain security restrictions, and potentially compromise a user's system.
The problem is that scripts in remote XBL files in e-mails can be executed even when JavaScript has been disabled (JavaScript is disabled by default). This can be exploited to cause JavaScript code to be executed whenever the HTML content of an e-mail is being viewed, forwarded, or replied to. This may also enable exploitation of vulnerabilities requiring JavaScript.
Successful exploitation requires that the "Load Images" setting is enabled.
Some other vulnerabilities have also been reported. For more information:
SA21903
And vulnerabilities #1, #2, #3, and #7 in:
SA21906
NOTE: Exploitation of some of the vulnerabilities requires that JavaScript is enabled.
SOLUTION:
Update to version 1.5.0.7.
http://www.mozilla.com/thunderbird/
ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/2006/mfsa2006-63.html
OTHER REFERENCES:
SA21903:
http://secunia.com/advisories/21903/
SA21906:
http://secunia.com/advisories/21906/
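Added example, not part of the Secunia advisory or of Mozilla's code: a triage check for the remote-XBL issue described above that lists remote XBL binding URLs referenced from a message's HTML parts, decoding each part first so an encoded body is not missed. It assumes the binding is attached through the Mozilla CSS property -moz-binding (the advisory does not name the mechanism); the function names, the sample messages and the example.invalid URL are constructed.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Assumption: the XBL binding is attached with the Mozilla CSS property
# -moz-binding; the advisory itself does not name the mechanism.
BINDING_RE = re.compile(
    r"-moz-binding\s*:\s*url\(\s*['\"]?\s*([^'\"\)\s]+)", re.IGNORECASE)
REMOTE_PREFIXES = ("http:", "https:", "ftp:", "//")


def remote_xbl_refs(raw_message):
    """Return remote XBL binding URLs referenced by the HTML parts."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        # get_content() undoes base64 / quoted-printable, so an encoded
        # body is inspected as the mail client would render it.
        html = part.get_content()
        for url in BINDING_RE.findall(html):
            if url.lower().startswith(REMOTE_PREFIXES):
                hits.append(url)
    return hits


def build_sample(html, cte):
    """Build a constructed multipart/alternative test message."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("plain text alternative")
    m.add_alternative(html, subtype="html", cte=cte)
    return m.as_string()


# Constructed samples: the binding URL points at a reserved .invalid host.
SAMPLE_FLAGGED = build_sample(
    '<div style="-moz-binding: url(http://mail.example.invalid/b.xml#x)">'
    'hi</div>', "base64")
SAMPLE_CLEAN = build_sample("<p>hello</p>", "quoted-printable")

if __name__ == "__main__":
    for name, raw in (("flagged", SAMPLE_FLAGGED), ("clean", SAMPLE_CLEAN)):
        print(name, remote_xbl_refs(raw))
```

The check matches the literal property name only, so it is a triage aid for stored mail and not a substitute for updating to 1.5.0.7.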