Rhino
06-02-2006, 06:09 AM
TITLE:
Thunderbird Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA20382
VERIFY ADVISORY:
http://secunia.com/advisories/20382/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, System access
WHERE:
From remote
SOFTWARE:
Mozilla Thunderbird 0.x
http://secunia.com/product/2637/
Mozilla Thunderbird 1.0.x
http://secunia.com/product/9735/
Mozilla Thunderbird 1.5.x
http://secunia.com/product/4652/
DESCRIPTION:
Multiple vulnerabilities have been reported in Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and HTTP response smuggling attacks, and potentially compromise a user's system.
For more information, see vulnerabilities #1, #2, #3, #5, #6, #7, and #9 in:
SA20376
Successful exploitation of some of the vulnerabilities requires that JavaScript is enabled (not enabled by default).
The following vulnerability has also been reported:
The vulnerability is caused due to a double-free error within the processing of large VCards with invalid base64 characters. This may be exploited to execute arbitrary code.
SOLUTION:
Update to version 1.5.0.4.
http://www.mozilla.com/thunderbird/
PROVIDED AND/OR DISCOVERED BY:
Masatoshi Kimura
ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/2006/mfsa2006-40.html
OTHER REFERENCES:
SA20376:
http://secunia.com/advisories/20376/