Multiple vulnerabilities have been identified in Mozilla Thunderbird, which could be exploited by attackers to take complete control of an affected system or cause a denial of service.
The first issue is due to memory corruption errors in the layout, SVG and JavaScript engines, which could be exploited by attackers to crash a vulnerable application or execute arbitrary commands.
The second vulnerability is due to buffer overflow errors in the Network Security Services (NSS) when processing a certificate with a public key too small to encrypt the "Master Secret" or when handling invalid parameters while negotiating an SSLv2 session, which could be exploited by attackers to crash a vulnerable application or execute arbitrary commands.
The third issue is due to a memory corruption error when handling "onUnload" events and self-modifying "document.write()" calls, which could be exploited by attackers to crash a vulnerable application or execute arbitrary commands.
Credits
Vulnerabilities reported by Jesse Ruderman, Martijn Wargers, Olli Pettay, Tom Ferris, Brian Crowder, Igor Bukanov, Johnny Stenback, moz_bug_r_a4, shutdown, regenrecht and iDefense Labs.
ChangeLog
2007-02-24 : Initial release
2007-02-25 : Updated References
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
