|
|
|
Vulnerability Note VU#887332Mozilla mail products vulnerable to heap buffer overflow via Content-Type headersOverviewMozilla mail products contain a heap buffer overflow vulnerability in the way they process Content-Type headers. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.I. DescriptionMozilla Thunderbird and SeaMonkey contain a buffer overflow vulnerability. Both applications fail to properly process long Content-Type headers in external message bodies.II. ImpactA remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable systemIII. SolutionUpgradeMozilla has addressed these vulnerabilities in Thunderbird 1.5.0.9 and SeaMonkey 1.0.7.
References
This vulnerability was reported in Mozilla Foundation Security Advisory 2006-74. Mozilla credits Georgi Guninski. This document was written by Katie Steiner.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||