Date: 07 March 2006
References: ESB-2006.0617
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AA-2006.0021 AUSCERT Advisory
[Win][UNIX/Linux]
Mozilla Thunderbird 1.0.7 and earlier allow remote code execution
7 March 2006
- ---------------------------------------------------------------------------
AusCERT Advisory Summary
------------------------
Product: Mozilla Thunderbird 1.0.7 and earlier
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact: Execute Arbitrary Code/Commands
Denial of Service
Access: Remote/Unauthenticated
CVE Names: CVE-2006-0884
OVERVIEW:
Mozilla Thunderbird 1.0.7 and prior are vulnerable to execution of
Javascript code referenced in IFRAME tags. Further details are
available from the original advisory on BugTraq [1].
IMPACT:
A remote attacker may be able to obtain sensitive information or crash
Thunderbird.
MITIGATION:
Upgrade to Mozilla Thunderbird 1.5 [2].
REFERENCES:
[1] http://www.securityfocus.com/archive/1/archive/1/425786/100/0/threaded
[2] http://www.mozilla.com/thunderbird/
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRAzbSSh9+71yA2DNAQIq1wP/ZT5GlSuVgFcFGuGUh6ccnx/81+B4Vc46
luko08cWleJDH5m3vc7sheu6ikB2ivv8KhyjxieIfPT9gsmopKFEsLd1x7mm1pxF
JEYHN0eIZFN3SPCXaiiHZJx9TKr5bcVVpSEzeCG4UY6mRtQfMPJ9sTjhCyf1VV24
CLGK3/vFv8g=
=fPp4
-----END PGP SIGNATURE-----
|