[funsec] Time to update Mozilla Thunderbird too

Juha-Matti Laurio juha-matti.laurio at netti.fi
Sat Sep 27 17:06:58 CDT 2008


In case you missed this:

Heap overflow when canceling newsgroup message
http://www.mozilla.org/security/announce/2008/mfsa2008-46.html

"Georgi Guninski reported a buffer overflow in the handling of cancelled newsgroup messages. The error was caused by too small a heap buffer being allocated to store message header information. This buffer could be overrun by an attacker using a specially crafted message which could crash the mail reader and potentially be used to run arbitrary code on the victim's computer."

Solution:
Update to Thunderbird version 2.0.0.17 at
http://www.mozilla.com/en-US/thunderbird/all.html

Juha-Matti


More information about the funsec mailing list