Mozilla Thunderbird Multiple Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 11 Feb 2008 4424 Views

RISK: Medium Risk

Medium Risk

Multiple vulnerabilities have been identified in Mozilla Thunderbird, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or take complete control of an affected system.

1. A memory corruption errors in the browser and JavaScript engines when parsing malformed data, which could be exploited by attackers to crash a vulnerable application or execute arbitrary code.

2. The errors when processing JavaScript, which could be exploited by malicious web sites to execute arbitrary code or gain knowledge of sensitive information.

3. An input validation error when handling "chrome:" URIs, which could be exploited by attackers to load JavaScript, images, and stylesheets from local files in known locations.

4. An error when displaying timer-enabled security dialogs, which could be exploited by attackers to trick a user into confirming a security dialog by bringing the dialog back into focus right before a user clicked in a predictable time and place.

Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Mozilla Thunderbird 2.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Update to an upcoming version 2.0.0.12.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Nero Media Player M3U File Processing Buffer Overflow Vulnerability

6 Feb 2008 4791 Views

Next

Mozilla Firefox and SeaMonkey Multiple Vulnerabilities

11 Feb 2008 4515 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY