Ravens PHP Scripts

Mozilla Thunderbird Multiple Vulnerabilities
Date: Wednesday, December 20, 2006 @ 17:01:08 UTC
Topic: Security


SECUNIA ADVISORY ID: SA23420

VERIFY ADVISORY: http://secunia.com/advisories/23420/

CRITICAL: Highly critical

IMPACT: Cross Site Scripting, DoS, System access

SOFTWARE:
Mozilla Thunderbird 1.0.x - http://secunia.com/product/9735/
Mozilla Thunderbird 1.5.x - http://secunia.com/product/4652/

DESCRIPTION: Multiple vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to conduct cross-site scripting attacks and potentially compromise a user's system.

See vulnerabilities #1 through #6 for more information:
SA23282

The following two vulnerabilities have also been reported:

1) A boundary error within the processing of mail headers can be exploited to cause a heap-based buffer overflow via an overly long "Content-Type" header in an external message body.

2) A boundary error within the processing of rfc2047-encoded headers can be exploited to cause a heap-based buffer overflow.
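
A mail-filter check for issue 1, as an added example that is not part of the Secunia advisory or of Mozilla's code: it walks a message's MIME tree and reports message/external-body parts whose encapsulated "Content-Type" header exceeds a length limit. The 256-character limit, the function names and the sample message are assumptions constructed here; the advisory gives no length.

```python
import email

# Assumed limit: the advisory says "overly long" and gives no number.
MAX_CONTENT_TYPE_LEN = 256


def external_body_findings(raw, limit=MAX_CONTENT_TYPE_LEN):
    """Return [(part_path, length)] for each message/external-body part whose
    encapsulated Content-Type header is longer than `limit` characters."""
    findings = []

    def visit(part, path):
        payload = part.get_payload()
        children = payload if isinstance(payload, list) else []
        if part.get_content_type() == "message/external-body":
            # The parser exposes the encapsulated headers as a nested message.
            for inner in children:
                for value in inner.get_all("Content-Type", []):
                    unfolded = "".join(str(value).splitlines())
                    if len(unfolded) > limit:
                        findings.append((path, len(unfolded)))
            return
        for index, child in enumerate(children, 1):
            visit(child, f"{path}.{index}")

    visit(email.message_from_bytes(raw), "1")
    return findings


def build_sample(param_len):
    """Constructed test message; addresses, host and file name are made up."""
    return (
        "From: a@example.com\r\nTo: b@example.com\r\n"
        "Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
        "--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
        "--b1\r\n"
        "Content-Type: message/external-body; access-type=anon-ftp;\r\n"
        ' site="ftp.example.com"; name="doc.txt"\r\n\r\n'
        f"Content-Type: text/plain; name={'A' * param_len}\r\n\r\n"
        "--b1--\r\n"
    ).encode("ascii")


if __name__ == "__main__":
    for path, length in external_body_findings(build_sample(300)):
        print(f"part {path}: external-body Content-Type is {length} chars")
```
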

SOLUTION: Update to version 1.5.0.9.

PROVIDED AND/OR DISCOVERED BY:
1) Georgi Guninski
2) David Bienvenu

ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2006/mfsa2006-74.html

OTHER REFERENCES: SA23282: http://secunia.com/advisories/23282/






This article comes from Ravens PHP Scripts
https://www.ravenphpscripts.com

The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2578