Mozilla Thunderbird Bugs Let Remote Users Execute Arbitrary Code - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (E-mail Client) > Mozilla Thunderbird

Vendors: Mozilla.org

Mozilla Thunderbird Bugs Let Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1025135

SecurityTracker URL: http://securitytracker.com/id/1025135

CVE Reference: CVE-2010-1585, CVE-2011-0053, CVE-2011-0061, CVE-2011-0062 (Links to External Site)

Date: Mar 2 2011

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): prior to 3.1.8

Description: Several vulnerabilities were reported in Mozilla Thunderbird. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary code on the target system [CVE-2011-0053, CVE-2011-0062]. The code will run with the privileges of the target user.

A remote user can create specially crafted HTML that, when loaded by the target user, will exploit a flaw in ParanoidFragmentSink and potentially execute javascript: URLs and JavaScript code [CVE-2010-1585].

A remote user can create a specially crafted JPEG image that, when loaded by the target user, will trigger a buffer overflow and later execute arbitrary code on the target system [CVE-2011-0061].

Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron, Marcia Knous, Roberto Suggi Liverani, and Jordi Chancel reported these vulnerabilities.

Impact: A remote user can cause arbitrary code to be executed on the target user's system.

Solution: The vendor has issued a fix (3.1.8).

The vendor's advisories are available at:

http://www.mozilla.org/security/announce/2011/mfsa2011-01.html
http://www.mozilla.org/security/announce/2011/mfsa2011-08.html
http://www.mozilla.org/security/announce/2011/mfsa2011-09.html

Vendor URL: www.mozilla.org/security/announce/2011/mfsa2011-01.html (Links to External Site)

Cause: Access control error, Boundary error

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Message History: This archive entry has one or more follow-up message(s) listed below.

Mar 2 2011	(Red Hat Issues Fix) Mozilla Thunderbird Bugs Let Remote Users Execute Arbitrary Code (bugzilla@redhat.com) Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Mar 2 2011	(Red Hat Issues Fix) Mozilla Thunderbird Bugs Let Remote Users Execute Arbitrary Code (bugzilla@redhat.com) Red Hat has issued a fix for Red Hat Enterprise Linux 4 and 5.

Source Message Contents

Date: Wed, 02 Mar 2011 00:50:41 +0000
Subject: Mozilla Thunderbird


http://www.mozilla.org/security/announce/2011/mfsa2011-01.html
http://www.mozilla.org/security/announce/2011/mfsa2011-08.html
http://www.mozilla.org/security/announce/2011/mfsa2011-09.html

CVE-2010-1585
CVE-2011-0053
CVE-2011-0061
CVE-2011-0062

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC