A vulnerability in the way Mozilla handles certain types of POP3 responses could allow a remote attacker to execute arbitrary code on an affected system.
Post Office Protocol Version 3 (POP3) is a mail protocol that provides a means for retrieving email from a remote server. This protocol is supported by Mozilla, Firefox, and Thunderbird. These clients contain a vulnerability that allows malformed POP3 responses to trigger a buffer overflow condition in the SendUidl() function. Such responses can be sent by a remote POP3 server and could result in arbitrary code execution.
By sending a specially crafted POP3 response to an affected client, a remote attacker could cause the client to crash or potentially execute arbitrary code. Exploitation of this vulnerability would require a user to connect to a malicious POP3 server.
Upgrade as specified by your vendor. This issue has been resolved in Mozilla 1.7, Firefox 0.9, and Thunderbird 0.7.2.
This vulnerability was reported by Zen Parse.
This document was written by Damon Morda.
|Date First Published:||2004-08-20|
|Date Last Updated:||2004-08-20 15:13 UTC|