TheTerrorist_75 Posted June 2, 2006 Report Share Posted June 2, 2006 VERIFY ADVISORY: SECUNIA ADVISORY ID: SA20382CRITICAL: Highly criticalIMPACT: Security Bypass, Cross Site Scripting, System accessWHERE: From remoteSOFTWARE:Mozilla Thunderbird 0.xMozilla Thunderbird 1.0.xMozilla Thunderbird 1.5.xDESCRIPTION:Multiple vulnerabilities have been reported in Thunderbird, which canbe exploited by malicious people to bypass certain securityrestrictions, conduct cross-site scripting and HTTP responsesmuggling attacks, and potentially compromise a user's system.For more information, see vulnerabilities #1, #2, #3, #5, #6, #7, and#9 in: SA20376Successful exploitation of some of the vulnerabilities requires thatJavaScript is enabled (not enabled by default).The following vulnerability has also been reported:The vulnerability is caused due to a double-free error within theprocessing of large VCards with invalid base64 characters. This maybe exploited to execute arbitrary code.SOLUTION: Update to version 1.5.0.4.PROVIDED AND/OR DISCOVERED BY: Masatoshi KimuraORIGINAL ADVISORY:http://www.mozilla.org/security/anno...sa2006-40.htmlOTHER REFERENCES:SA20376Please note: The information, which this Secunia Advisory is based upon, comes from third party unless stated otherwise.Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.