Description: Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or potentially compromise a user's system.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
Changelog: 2008-03-28: Added link to US-CERT.
2008-04-17: Updated "Description" and "Solution" section. Added reference to additional vulnerability.
2008-05-02: Updated "Solution" section. Updated CVE references and "Description" section based on additional information from the vendor regarding CVE-2008-1380.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.