Technical Description

Multiple vulnerabilities have been identified in Mozilla Thunderbird, which could be exploited by attackers to take complete control of an affected system or cause a denial of service.

The first issue is due to memory corruption errors in the layout, SVG and JavaScript engines, which could be exploited by attackers to crash a vulnerable application or execute arbitrary commands.

The second vulnerability is due to buffer overflow errors in the Network Security Services (NSS) when processing a certificate with a public key too small to encrypt the "Master Secret" or when handling invalid parameters while negotiating an SSLv2 session, which could be exploited by attackers to crash a vulnerable application or execute arbitrary commands.

The third issue is due to a memory corruption error when handling "onUnload" events and self-modifying "document.write()" calls, which could be exploited by attackers to crash a vulnerable application or execute arbitrary commands.

Affected Products

Mozilla Thunderbird versions prior to 1.5.0.10

Solution

Upgrade to Mozilla Thunderbird version 1.5.0.10 :
http://www.mozilla.org/projects/thunderbird/

References

http://www.vupen.com/english/advisories/2007/0719
http://www.mozilla.org/security/announce/2007/mfsa2007-01.html
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
http://www.mozilla.org/security/announce/2007/mfsa2007-08.html

Credits

Vulnerabilities reported by Jesse Ruderman, Martijn Wargers, Olli Pettay, Tom Ferris, Brian Crowder, Igor Bukanov, Johnny Stenback, moz_bug_r_a4, shutdown, regenrecht and iDefense Labs.

ChangeLog

2007-02-24 : Initial release
2007-02-25 : Updated References

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.