TITLE:
Mozilla Thunderbird Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA23420
VERIFY ADVISORY:
http://secunia.com/advisories/23420/
CRITICAL:
Highly critical
IMPACT:
Cross Site Scripting, DoS, System access
WHERE:
From remote
SOFTWARE:
Mozilla Thunderbird 1.0.x
http://secunia.com/product/9735/
Mozilla Thunderbird 1.5.x
http://secunia.com/product/4652/
DESCRIPTION:
Multiple vulnerabilities have been reported in Mozilla Thunderbird,
which can be exploited by malicious people to conduct cross-site
scripting attacks and potentially compromise a user's system.
See vulnerabilities #1 through #6 for more information:
SA23282
The following two vulnerabilities have also been reported:
1) A boundary error within the processing of mail headers can be
exploited to cause a heap-based buffer overflow via an overly long
"Content-Type" header in an external message body.
2) A boundary error within the processing of rfc2047-encoded headers
can be exploited to cause a heap-based buffer overflow.
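EXAMPLE (added here, not part of the Secunia or Mozilla advisory):
A mail-gateway style check for item 1 that flags messages carrying an unusually long "Content-Type" header inside a message/external-body part. The 998-character threshold, the function names and the sample message are assumptions made for illustration; the advisory does not state a triggering length.

```python
import email

# Assumed threshold (RFC 5322's 998-character line limit); the advisory gives no length.
ASSUMED_LIMIT = 998


def long_external_body_content_types(raw: bytes, limit: int = ASSUMED_LIMIT):
    """Return (header_name, unfolded_length) for each Content-Type header found
    inside a message/external-body part whose value exceeds `limit`."""
    findings = []
    for part in email.message_from_bytes(raw).walk():
        if part.get_content_type() != "message/external-body":
            continue
        payload = part.get_payload()
        # The parser stores the external body's own headers as a nested message.
        if not isinstance(payload, list):
            continue
        for inner in payload:
            for name, value in inner.items():
                # Measure the value with header folding removed.
                unfolded = "".join(str(value).splitlines())
                if name.lower() == "content-type" and len(unfolded) > limit:
                    findings.append((name, len(unfolded)))
    return findings


def build_sample(param_len: int) -> bytes:
    """Constructed test message (not taken from the advisory)."""
    inner_type = "text/plain; name=" + "x" * param_len
    return (
        "From: sender@example.test\r\n"
        "MIME-Version: 1.0\r\n"
        "Content-Type: multipart/mixed; boundary=b1\r\n"
        "\r\n"
        "--b1\r\n"
        "Content-Type: message/external-body; access-type=local-file; name=placeholder\r\n"
        "\r\n"
        f"Content-Type: {inner_type}\r\n"
        "\r\n"
        "--b1--\r\n"
    ).encode("ascii")


if __name__ == "__main__":
    for n in (8, 2000):
        print(n, long_external_body_content_types(build_sample(n)))
```

A check like this only helps triage or quarantine mail for clients that cannot be updated yet; the fix remains the update listed under SOLUTION.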
SOLUTION:
Update to version 1.5.0.9.
ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/2006/mfsa2006-74.html
OTHER REFERENCES:
SA23282:
http://secunia.com/advisories/23282/