FrSIRT - Mozilla Thunderbird Code Execution and Cross Site Scripting Issues / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Mozilla Thunderbird Code Execution and Cross Site Scripting Issues

Title : Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
Advisory ID : FrSIRT/ADV-2008-0999
CVE ID : CVE-2008-1233 - CVE-2008-1234 - CVE-2008-1235 - CVE-2008-1236 - CVE-2008-1237
Rated as : Critical

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-03-26

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Multiple vulnerabilities have been identified in Mozilla Thunderbird, which could be exploited by attackers to bypass security restrictions, execute arbitrary scripting code, cause a denial of service or take complete control of an affected system.

The first issue is caused by an error in the handling of "XPCNativeWrappers", which could be exploited by attackers to execute arbitrary code by calling "setTimeout()".

The second vulnerability is caused by input validation errors when handling JavaScript, which could be exploited to execute arbitrary scripting code.

The third issue is caused by memory corruption errors in the layout and JavaScript engines when parsing malformed data, which could be exploited by attackers to crash a vulnerable application or execute arbitrary code.

Credits

Vulnerabilities reported by moz_bug_r_a4, Boris Zbarsky, Johnny Stenback, Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett, Mats Palmgren, georgi, tgirmann, and Igor Bukanov.

ChangeLog

2008-03-25 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

	Sun Java System AS and WS JSP Source Code Disclosure Vulnerability
	Sun Solaris Tcl GUI Toolkit Library Code Execution Vulnerabilities
	Sun Java System Web Server Cross Site Scripting Vulnerability
	Sun Ray Server Kiosk Mode Root Privilege Escalation Vulnerability
	Sun Solaris TCP Implementation Remote Denial of Service Vulnerability
	Sun Solaris Update Fixes OpenSSH Information Disclosure
	Sun Solaris SCTP Protocol Remote Denial of Service

	Apple Safari URL Spoofing and Denial of Service
	Apple Safari Code Execution and Cross Site Scripting Vulnerabilities
	Apple QuickTime Multiple File Handling Code Execution Vulnerabilities
	Apple Safari Memory Corruption and Address Bar Spoofing Vulnerabilities
	Apple Aperture and iPhoto DNG Image Buffer Overflow Vulnerability
	Apple AirPort Extreme AFP Request Denial of Service Vulnerability
	Apple Mac OS X Command Execution and Security Bypass Issues