|
|
|
 |
Vulnerability Note VU#561022Mozilla contains a buffer overflow in the SendUidl() functionOverviewA vulnerability in the way Mozilla handles certain types of POP3 responses could allow a remote attacker to execute arbitrary code on an affected system.I. DescriptionPost Office Protocol Version 3 (POP3) is a mail protocol that provides a means for retrieving email from a remote server. This protocol is supported by Mozilla, Firefox, and Thunderbird. These clients contain a vulnerability that allows malformed POP3 responses to trigger a buffer overflow condition in the SendUidl() function. Such responses can be sent by a remote POP3 server and could result in arbitrary code execution.II. ImpactBy sending a specially crafted POP3 response to an affected client, a remote attacker could cause the client to crash or potentially execute arbitrary code. Exploitation of this vulnerability would require a user to connect to a malicious POP3 server.III. SolutionUpgradeUpgrade as specified by your vendor. This issue has been resolved in Mozilla 1.7, Firefox 0.9, and Thunderbird 0.7.2.
References
This vulnerability was reported by Zen Parse. This document was written by Damon Morda.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Get Adobe Reader