|
 |
|
Mozilla Thunderbird Multiple Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA21939
|
|
|
Release Date:
|
2006-09-15
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Security Bypass
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Mozilla Thunderbird 0.x
Mozilla Thunderbird 1.0.x
Mozilla Thunderbird 1.5.x
|
| | CVE reference: | CVE-2006-4253 (Secunia mirror)
CVE-2006-4339 (Secunia mirror)
CVE-2006-4340 (Secunia mirror)
CVE-2006-4565 (Secunia mirror)
CVE-2006-4566 (Secunia mirror)
CVE-2006-4567 (Secunia mirror)
CVE-2006-4570 (Secunia mirror)
CVE-2006-4571 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to conduct man-in-the-middle attacks, bypass certain security restrictions, and potentially compromise a user's system.
The problem is that scripts in remote XBL files in e-mails can be executed even when JavaScript has been disabled (JavaScript is disabled by default). This can be exploited to cause JavaScript code to be executed whenever the HTML content of an e-mail is being viewed, forwarded, or replied to. This may also enable exploitation of vulnerabilities requiring JavaScript.
Successful exploitation requires that the "Load Images" setting is enabled.
Some other vulnerabilities have also been reported. For more information:
SA21903
And vulnerabilities #1, #2, #3, and #7 in:
SA21906
NOTE: Exploitation of some of the vulnerabilities requires that JavaScript is enabled.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
Solution:
Update to version 1.5.0.7.
http://www.mozilla.com/thunderbird/
Provided and/or discovered by:
Georgi Guninski
Original Advisory:
http://www.mozilla.org/security/announce/2006/mfsa2006-63.html
Other References:
SA21903:
http://secunia.com/advisories/21903/
SA21906:
http://secunia.com/advisories/21906/
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
29 Related Secunia Security Advisories, displaying 10
|
|
|
1. Thunderbird Multiple Vulnerabilities
|
|
2. Mozilla Products Addon Chrome-Loaded "about:blank" Cross-Context Scripting
|
|
3. Mozilla Thunderbird Two Vulnerabilities
|
|
4. Mozilla Thunderbird Memory Corruption Vulnerability
|
|
5. Mozilla Thunderbird Multiple Vulnerabilities
|
|
6. Mozilla Thunderbird Multiple Vulnerabilities
|
|
7. Mozilla Thunderbird Multiple Vulnerabilities
|
|
8. Mozilla Thunderbird Multiple Vulnerabilities
|
|
9. Thunderbird Multiple Vulnerabilities
|
|
10. Thunderbird Multiple Vulnerabilities
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
