TITLE: Thunderbird Multiple Vulnerabilities SECUNIA ADVISORY ID: SA20382
VERIFY ADVISORY: http://secunia.com/advisories/20382/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, System access WHERE: >From remote SOFTWARE: Mozilla Thunderbird 0.x http://secunia.com/product/2637/ Mozilla Thunderbird 1.0.x http://secunia.com/product/9735/ Mozilla Thunderbird 1.5.x http://secunia.com/product/4652/ DESCRIPTION: Multiple vulnerabilities have been reported in Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and HTTP response smuggling attacks, and potentially compromise a user's system. For more information, see vulnerabilities #1, #2, #3, #5, #6, #7, and #9 in: SA20376 Successful exploitation of some of the vulnerabilities requires that JavaScript is enabled (not enabled by default). The following vulnerability has also been reported: The vulnerability is caused due to a double-free error within the processing of large VCards with invalid base64 characters. This may be exploited to execute arbitrary code. SOLUTION: Update to version 1.5.0.4. http://www.mozilla.com/thunderbird/ ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2006/mfsa2006-40.html OTHER REFERENCES: SA20376: http://secunia.com/advisories/20376/ ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
