TITLE: Mozilla Thunderbird Multiple Vulnerabilities SECUNIA ADVISORY ID: SA23420
VERIFY ADVISORY: http://secunia.com/advisories/23420/ CRITICAL: Highly critical IMPACT: Cross Site Scripting, DoS, System access WHERE: >From remote SOFTWARE: Mozilla Thunderbird 1.0.x http://secunia.com/product/9735/ Mozilla Thunderbird 1.5.x http://secunia.com/product/4652/ DESCRIPTION: Multiple vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to conduct cross-site scripting attacks and potentially compromise a user's system. See vulnerabilities #1 through #6 for more information: SA23282 The following two vulnerabilities have also been reported: 1) A boundary error within the processing of mail headers can be exploited to cause a heap-based buffer overflow via an overly long "Content-Type" header in an external message body. 2) A boundary error within the processing of rfc2047-encoded headers can be exploited to cause a heap-based buffer overflow. SOLUTION: Update to version 1.5.0.9. ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2006/mfsa2006-74.html OTHER REFERENCES: SA23282: http://secunia.com/advisories/23282/ ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
