TITLE:
Mozilla Thunderbird Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA21939

VERIFY ADVISORY:
http://secunia.com/advisories/21939/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, DoS, System access

WHERE:
From remote

SOFTWARE:
Mozilla Thunderbird 1.5.x
http://secunia.com/product/4652/
Mozilla Thunderbird 1.0.x
http://secunia.com/product/9735/
Mozilla Thunderbird 0.x
http://secunia.com/product/2637/

DESCRIPTION:
Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to conduct man-in-the-middle attacks, bypass certain security restrictions, and potentially compromise a user's system.

The problem is that scripts in remote XBL files in e-mails can be executed even when JavaScript has been disabled (JavaScript is disabled by default). This can be exploited to cause JavaScript code to be executed whenever the HTML content of an e-mail is being viewed, forwarded, or replied to. This may also enable exploitation of vulnerabilities requiring JavaScript.

Successful exploitation requires that the "Load Images" setting is enabled.

Some other vulnerabilities have also been reported.

For more information:
SA21903

And vulnerabilities #1, #2, #3, and #7 in:
SA21906

NOTE: Exploitation of some of the vulnerabilities requires that JavaScript is enabled.

SOLUTION:
Update to version 1.5.0.7.
http://www.mozilla.com/thunderbird/

ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/2006/mfsa2006-63.html

OTHER REFERENCES:
SA21903:
http://secunia.com/advisories/21903/

SA21906:
http://secunia.com/advisories/21906/
