Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla Thunderbird, which can potentially be exploited to compromise a user's system.
2c52bd57fe17661184164c677c392b54b341b58a217d4022632097ed337cdeb6
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
----------------------------------------------------------------------
TITLE:
Mozilla Thunderbird Two Vulnerabilities
SECUNIA ADVISORY ID:
SA26096
VERIFY ADVISORY:
http://secunia.com/advisories/26096/
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
>From remote
SOFTWARE:
Mozilla Thunderbird 2.x
http://secunia.com/product/14070/
DESCRIPTION:
Some vulnerabilities have been reported in Mozilla Thunderbird, which
can potentially be exploited to compromise a user's system.
1) An error when registering a URI handler potentially allows to
execute arbitrary code.
For more information:
SA25984
2) Various errors exists in the browser and Javascript engine.
For more information see vulnerabilities #1 and #2 in:
SA26095
SOLUTION:
The vulnerabilities will reportedly be fixed in version 2.0.0.5.
Disable Javascript and do not open mails or follow links from
untrusted sources.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor, originally discovered in Firefox.
ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/2007/mfsa2007-18.html
http://www.mozilla.org/security/announce/2007/mfsa2007-23.html
OTHER REFERENCES:
SA25984:
http://secunia.com/advisories/25984/
SA26095:
http://secunia.com/advisories/26095/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------