---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. ---------------------------------------------------------------------- TITLE: Mozilla Thunderbird Two Vulnerabilities SECUNIA ADVISORY ID: SA26096 VERIFY ADVISORY: http://secunia.com/advisories/26096/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote SOFTWARE: Mozilla Thunderbird 2.x http://secunia.com/product/14070/ DESCRIPTION: Some vulnerabilities have been reported in Mozilla Thunderbird, which can potentially be exploited to compromise a user's system. 1) An error when registering a URI handler potentially allows to execute arbitrary code. For more information: SA25984 2) Various errors exists in the browser and Javascript engine. For more information see vulnerabilities #1 and #2 in: SA26095 SOLUTION: The vulnerabilities will reportedly be fixed in version 2.0.0.5. Disable Javascript and do not open mails or follow links from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor, originally discovered in Firefox. ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2007/mfsa2007-18.html http://www.mozilla.org/security/announce/2007/mfsa2007-23.html OTHER REFERENCES: SA25984: http://secunia.com/advisories/25984/ SA26095: http://secunia.com/advisories/26095/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------