Description: Multiple vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to conduct cross-site scripting attacks and potentially compromise a user's system.
For more information, see vulnerabilities #1 through #6 in SA23282.
The following two vulnerabilities have also been reported:
1) A boundary error within the processing of mail headers can be exploited to cause a heap-based buffer overflow via an overly long "Content-Type" header in an external message body.
2) A boundary error within the processing of rfc2047-encoded headers can be exploited to cause a heap-based buffer overflow.
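A mail gateway can flag messages that reach the two parsing paths named above with header values outside standard limits. The following is an added example, not part of the original advisory or of Mozilla's code. The advisory gives no trigger lengths, so the thresholds are assumptions: the RFC 5322 line limit, the RFC 2047 encoded-word limit, and a hypothetical local limit `MAX_EXT_CTYPE`. The function name `audit_message` and both sample messages are constructed for illustration.

```python
import re
from email import message_from_bytes

MAX_LINE = 998          # RFC 5322 hard limit for one header line (without CRLF)
MAX_ENCODED_WORD = 75   # RFC 2047 limit for a single encoded-word
MAX_EXT_CTYPE = 256     # assumed local policy limit; not taken from the advisory
ENCODED_WORD = re.compile(r"=\?[^?\s]+\?[bBqQ]\?[^?\s]*\?=")

def audit_message(raw):
    """Return (rule, header, length) tuples for out-of-limit header values."""
    findings = []
    for part in message_from_bytes(raw).walk():
        for name, value in part.items():
            value = str(value)
            # Folded headers keep their line breaks, so check each physical line.
            longest = max(map(len, f"{name}: {value}".splitlines()))
            if longest > MAX_LINE:
                findings.append(("long-line", name, longest))
            for m in ENCODED_WORD.finditer(value):
                if len(m.group()) > MAX_ENCODED_WORD:
                    findings.append(("encoded-word", name, len(m.group())))
        # The body of a message/external-body part is itself a header block
        # (RFC 2046 section 5.2.3); the parser exposes it as a nested message.
        inner = part.get_payload()
        if (part.get_content_type() == "message/external-body"
                and isinstance(inner, list) and inner):
            ctype = str(inner[0].get("Content-Type", ""))
            if len(ctype) > MAX_EXT_CTYPE:
                findings.append(
                    ("external-body-content-type", "Content-Type", len(ctype)))
    return findings

# Constructed sample: oversized encoded-word and oversized inner Content-Type.
CONSTRUCTED_SAMPLE = (
    b"From: a@example.org\r\n"
    b"Subject: =?utf-8?B?" + b"QUFB" * 30 + b"?=\r\n"
    b"Content-Type: message/external-body; access-type=URL;\r\n"
    b' URL="http://example.org/doc"\r\n'
    b"\r\n"
    b"Content-Type: text/plain; x=" + b"A" * 400 + b"\r\n"
    b"\r\n"
)
# Constructed sample: an ordinary message that should produce no findings.
CLEAN_SAMPLE = b"From: a@example.org\r\nSubject: hello\r\n\r\nbody\r\n"

if __name__ == "__main__":
    for finding in audit_message(CONSTRUCTED_SAMPLE):
        print(finding)
```

A finding means the message is malformed by these limits and merits quarantine or review; it is a heuristic, not a signature for either overflow.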
Solution: Update to version 1.5.0.9.
Provided and/or discovered by: 1) Georgi Guninski
2) David Bienvenu
Changelog: 2006-12-21: Added links to US-CERT.
2007-01-19: Added links to US-CERT.