[funsec] Time to update Mozilla Thunderbird too
Juha-Matti Laurio
juha-matti.laurio at netti.fi
Sat Sep 27 17:06:58 CDT 2008
In case you missed this:
Heap overflow when canceling newsgroup message
http://www.mozilla.org/security/announce/2008/mfsa2008-46.html
"Georgi Guninski reported a buffer overflow in the handling of cancelled newsgroup messages. The error was caused by too small a heap buffer being allocated to store message header information. This buffer could be overrun by an attacker using a specially crafted message which could crash the mail reader and potentially be used to run arbitrary code on the victim's computer."
Solution:
Update to Thunderbird version 2.0.0.17 at
http://www.mozilla.com/en-US/thunderbird/all.html
Juha-Matti
More information about the funsec
mailing list