|
 |
|
Thunderbird Multiple Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA20382
|
|
|
Release Date:
|
2006-06-02
|
|
Last Update:
|
2006-06-20
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Security Bypass
Cross Site Scripting
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Mozilla Thunderbird 0.x
Mozilla Thunderbird 1.0.x
Mozilla Thunderbird 1.5.x
|
| | CVE reference: | CVE-2006-2775 (Secunia mirror)
CVE-2006-2776 (Secunia mirror)
CVE-2006-2778 (Secunia mirror)
CVE-2006-2779 (Secunia mirror)
CVE-2006-2780 (Secunia mirror)
CVE-2006-2781 (Secunia mirror)
CVE-2006-2783 (Secunia mirror)
CVE-2006-2786 (Secunia mirror)
CVE-2006-2787 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Multiple vulnerabilities have been reported in Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and HTTP response smuggling attacks, and potentially compromise a user's system.
For more information, see vulnerabilities #1, #2, #3, #5, #6, #7, and #9 in:
SA20376
Successful exploitation of some of the vulnerabilities requires that JavaScript is enabled (not enabled by default).
The following vulnerability has also been reported:
The vulnerability is caused due to a double-free error within the processing of large VCards with invalid base64 characters. This may be exploited to execute arbitrary code.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
Solution:
Update to version 1.5.0.4.
http://www.mozilla.com/thunderbird/
Provided and/or discovered by:
Masatoshi Kimura
Changelog:
2006-06-07: Added CVE references.
2006-06-20: Added CVE references.
Original Advisory:
http://www.mozilla.org/security/announce/2006/mfsa2006-40.html
Other References:
SA20376:
http://secunia.com/advisories/20376/
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
29 Related Secunia Security Advisories, displaying 10
|
|
|
1. Thunderbird Multiple Vulnerabilities
|
|
2. Mozilla Products Addon Chrome-Loaded "about:blank" Cross-Context Scripting
|
|
3. Mozilla Thunderbird Two Vulnerabilities
|
|
4. Mozilla Thunderbird Memory Corruption Vulnerability
|
|
5. Mozilla Thunderbird Multiple Vulnerabilities
|
|
6. Mozilla Thunderbird Multiple Vulnerabilities
|
|
7. Mozilla Thunderbird Multiple Vulnerabilities
|
|
8. Mozilla Thunderbird Multiple Vulnerabilities
|
|
9. Mozilla Thunderbird Multiple Vulnerabilities
|
|
10. Thunderbird Multiple Vulnerabilities
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
