[PCWorks] Vulnerability in Mozilla Thunderbird MIME Processing Buffer Overflow

  • From: "Clint Hamilton-PCWorks Admin-OrpheusComputing.com & ComputersCustomBuilt.com" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
  • Date: Thu, 28 Feb 2008 01:02:24 -0600

TITLE:
Mozilla Thunderbird MIME Processing Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA29133

VERIFY ADVISORY:
http://secunia.com/advisories/29133/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Mozilla Thunderbird 2.x
http://secunia.com/product/14070/

DESCRIPTION:
A vulnerability has been reported in Mozilla Thunderbird, which can
be exploited by malicious people to potentially compromise a user's
system.

The vulnerability is caused due to an error within the handling of
external-body MIME types. This can be exploited to cause a heap-based
buffer overflow with three bytes by tricking a user into viewing a
specially crafted email.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in version 2.0.0.9. Prior versions may
also be affected.

SOLUTION:
Update to version 2.0.0.12.

ORIGINAL ADVISORY:
iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=668

Mozilla Foundation:
http://www.mozilla.org/security/announce/2008/mfsa2008-12.html
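
Added example (not part of the Secunia advisory or of Mozilla's code): a triage helper that checks a client version against the fixed release named above and lists message/external-body parts in a stored message. The advisory does not say which field triggers the overflow, so the presence of the type is only a coarse signal; the function names and the sample message are constructed for illustration.

```python
import email
from email import policy

FIXED_RELEASE = (2, 0, 0, 12)  # "Update to version 2.0.0.12" per the advisory


def needs_update(version):
    """True if a dotted Thunderbird version is older than the fixed release.
    Assumption: every build below 2.0.0.12 is treated as affected."""
    return tuple(int(p) for p in version.split(".")) < FIXED_RELEASE


def external_body_parts(raw):
    """Return (part_index, access_type) for each message/external-body part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    # walk() visits the container first, then every nested part in order.
    for index, part in enumerate(msg.walk()):
        if part.get_content_type() == "message/external-body":
            hits.append((index, part.get_param("access-type")))
    return hits


# Constructed sample message (not taken from the advisory).
SAMPLE = b"""\
From: sender@example.invalid
To: rcpt@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: message/external-body; access-type="anon-ftp";
 site="ftp.example.invalid"; name="file.txt"

Content-Type: text/plain

--b1--
"""

if __name__ == "__main__":
    for v in ("2.0.0.9", "2.0.0.12"):
        print(v, "needs update:", needs_update(v))
    print("external-body parts:", external_body_parts(SAMPLE))
```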
