Mozilla Thunderbird Multiple Vulnerabilities

Post by Ramona » Thu 27 Jul, 2006 8:24 am

TITLE:
Mozilla Thunderbird Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA21228

VERIFY ADVISORY:
http://secunia.com/advisories/21228/

CRITICAL:
Highly critical

IMPACT:
DoS, System access, Cross Site Scripting

WHERE:
From remote

SOFTWARE:
Mozilla Thunderbird 0.x
http://secunia.com/product/2637/
Mozilla Thunderbird 1.0.x
http://secunia.com/product/9735/
Mozilla Thunderbird 1.5.x
http://secunia.com/product/4652/

DESCRIPTION:
Multiple vulnerabilities have been reported in Mozilla Thunderbird,
which can be exploited by malicious people to conduct cross-site
scripting attacks and compromise a user's system.

For more information, see vulnerabilities #1, #3, #4, #5, #6, #7, #9,
#10, and #11:
SA19783

Successful exploitation of these vulnerabilities requires that
JavaScript is enabled in mails (not default setting).

A boundary error has also been reported in the handling of VCard
attachments. This can be exploited to cause a heap-based buffer
overflow via a malicious VCard with a specially crafted base64 field
that causes a crash and may allow execution of arbitrary code.

SOLUTION:
Update to version 1.5.0.5.


PROVIDED AND/OR DISCOVERED BY:
Daniel Veditz, Mozilla.

ORIGINAL ADVISORY:
http://www.mozilla.org/security/announc ... 06-49.html

OTHER REFERENCES:
SA19783:
http://secunia.com/advisories/19873/

Re: Mozilla Thunderbird Multiple Vulnerabilities

Post by Antony » Thu 27 Jul, 2006 8:40 am

Ramona wrote:
TITLE:
Mozilla Thunderbird Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA21228

(...)

SOLUTION:
Update to version 1.5.0.5.


(...)

At the time of this post, Thunderbird 1.5.0.5 is not yet listed in http://www.mozilla.com/thunderbird/

Post by Ramona » Thu 27 Jul, 2006 8:52 am

Antony,

You're right! :roll: Download is available here for now: Thunderbird FTP Download Site.

I've changed the links in my other posts...

Post by J-M » Fri 28 Jul, 2006 4:29 pm

Another company, FrSIRT, has assigned a Critical Risk (4/4) Mozilla Products vulnerability advisory on Wed 26th Jul, in turn:
http://www.frsirt.com/english/advisories/2006/2998