TITLE:
Mozilla Thunderbird Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA21228

VERIFY ADVISORY:
http://secunia.com/advisories/21228/

CRITICAL:
Highly critical

IMPACT:
DoS, System access, Cross Site Scripting

WHERE:
From remote

SOFTWARE:
Mozilla Thunderbird 0.x
http://secunia.com/product/2637/
Mozilla Thunderbird 1.0.x
http://secunia.com/product/9735/
Mozilla Thunderbird 1.5.x
http://secunia.com/product/4652/

DESCRIPTION:
Multiple vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.

For more information, see vulnerabilities #1, #3, #4, #5, #6, #7, #9, #10, and #11:
http://secunia.com/advisories/19873/

Successful exploitation of these vulnerabilities requires that JavaScript is enabled in mails (not default setting).

A boundary error has also been reported in the handling of VCard attachments. This can be exploited to cause a heap-based buffer overflow via a malicious VCard with a specially crafted base64 field that causes a crash and may allow execution of arbitrary code.

SOLUTION:
Update to version 1.5.0.5.

ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/2006/mfsa2006-49.html

OTHER REFERENCES:
SA19783:
http://secunia.com/advisories/19873/
