French Security Incident Response Team

FrSIRT   

      

   français French  anglais English

 
Vulnerability Notification Service
 FrSIRT Partner Program
 14-Day Free Trial
Contact FrSIRT Sales Dept.
 

Security Advisories
Linux Security Advisories
Virus and Threats Advisories
Latest Security News
Latest Zero Day Threats
Advisories and vulnerabilities by Vendor
Advisories and vulnerabilities by Keyword
 

Report a security incident
Report a new vulnerability
Security Mailinglist
 

Our Company
FrSIRT in the News
Advertise on FrSIRT.COM
Security Researchers and Exploit Writers Jobs
Contact Us

Mozilla Thunderbird Multiple Security Bypass and Code Execution Issues

Title : Mozilla Thunderbird Multiple Security Bypass and Code Execution Issues
Advisory ID : FrSIRT/ADV-2008-0454
CVE ID : CVE-2008-0304 - CVE-2008-0412 - CVE-2008-0413 - CVE-2008-0415 - CVE-2008-0418 - CVE-2008-0591
Rated as : Critical 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-02-08

Advisory Details
 
  Description
  Affected Products
  Solution
  References
Technical Description    Receive FrSIRT alerts in a Text format  Receive FrSIRT alerts in a PDF format  Receive FrSIRT alerts in an XML format  Receive FrSIRT notifications by SMS 

Multiple vulnerabilities have been identified in Mozilla Thunderbird, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or take complete control of an affected system.

The first issue is caused by memory corruption errors in the browser and JavaScript engines when parsing malformed data, which could be exploited by attackers to crash a vulnerable application or execute arbitrary code.

The second vulnerability is caused by errors when processing JavaScript, which could be exploited by malicious web sites to execute arbitrary code or gain knowledge of sensitive information.

The third issue is caused by an input validation error when handling "chrome:" URIs, which could be exploited by attackers to load JavaScript, images, and stylesheets from local files in known locations. For additional information, see : FrSIRT/ADV-2008-0263

The fourth weakness is caused by an error when displaying timer-enabled security dialogs, which could be exploited by attackers to trick a user into confirming a security dialog by bringing the dialog back into focus right before a user clicked in a predictable time and place.

The fifth vulnerbility is caused by an error in the BMP decoder when handling methods associated with the "canvas" feature, which could be exploited by attackers to reveal small chunks of uninitialized memory that might contain sensitive data from other pages or other programs.

The sixth issue is caused by a buffer overflow error when handling email messages with an external MIME body, which could be exploited to crash an affected application or execute arbitrary code.

Credits

Vulnerabilities reported by Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, Paul Nickerson, Justin Dolske, Gerry Eisenhaur, David Bloom, Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, Philip Taylor, tgirmann, Boris Zbarsky, Gerry Eisenhaur, Michal Zalewski, Gynvael Coldwind, regenrecht and iDefense Labs.

ChangeLog

2008-02-08 : Initial release
2008-02-20 : Updated Advisory
2008-02-27 : Updated Description

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
 
 

Search
      

Mailinglist
    
 

Microsoft Internet Explorer Printing Cross-Zone Scripting Vulnerability

Microsoft Malware Protection Engine Remote DoS Vulnerability (MS08-029)

Microsoft Publisher Object Handler Validation Vulnerability (MS08-027)

Microsoft Office Multiple Code Execution Vulnerabilities (MS08-026)

Microsoft Windows XP I2O Filter Privilege Escalation Vulnerability

Microsoft Internet Explorer DisableCachingOfSSLPages Weakness

Microsoft Windows CE Image Handling Code Execution Vulnerabilities

Oracle Products Command Execution and SQL Injection Vulnerabilities

Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities

Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability

Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities

Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities

Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

Apple Safari URL Spoofing and Denial of Service

Apple Safari Code Execution and Cross Site Scripting Vulnerabilities

Apple QuickTime Multiple File Handling Code Execution Vulnerabilities

Apple Safari Memory Corruption and Address Bar Spoofing Vulnerabilities

Apple Aperture and iPhoto DNG Image Buffer Overflow Vulnerability

Apple AirPort Extreme AFP Request Denial of Service Vulnerability

Apple Mac OS X Command Execution and Security Bypass Issues

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy