Package: mozilla-thunderbird Version: 1.0.2-2.sarge1.0.7 Severity: important
security focus reports a file attachment problem: http://www.securityfocus.com/bid/16271 In short, it seems attackers can trick users into saving files that are spoofed. Quoting the secunia description: >The vulnerability is caused due to attachments not being displayed >correctly in mails. This can be exploited to spoof the file extension >and the associated file type icon via a combination of overly long >filenames containing whitespaces and "Content-Type" headers not >matching the file extension. It got fixed in 1.5 and in CVS ages ago, but wasn't disclosed until this January. Geoff -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
