Thread: PCWorks: Thunderbird Multiple Vulnerabilities

user name
2006-06-02 12:32:43
TITLE:
Thunderbird Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA20382

VERIFY ADVISORY:
http://secunia.com/advisories/20382/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Cross Site Scripting, System access

WHERE:
From remote

SOFTWARE:
Mozilla Thunderbird 0.x
http://secunia.com/product/2637/
Mozilla Thunderbird 1.0.x
http://secunia.com/product/9735/
Mozilla Thunderbird 1.5.x
http://secunia.com/product/4652/

DESCRIPTION:
Multiple vulnerabilities have been reported in Thunderbird, which can
be exploited by malicious people to bypass certain security
restrictions, conduct cross-site scripting and HTTP response
smuggling attacks, and potentially compromise a user's system.

For more information, see vulnerabilities #1, #2, #3, #5, #6, #7, and
#9 in: SA20376

Successful exploitation of some of the vulnerabilities requires that
JavaScript is enabled (not enabled by default).

The following vulnerability has also been reported:

The vulnerability is caused due to a double-free error within the
processing of large VCards with invalid base64 characters. This may
be exploited to execute arbitrary code.

SOLUTION:
Update to version 1.5.0.4.
http://www.mozilla.com/thunderbird/

ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/2006/mfsa2006-40.html

OTHER REFERENCES:
SA20376:
http://secunia.com/advisories/20376/