You are here: Known Vulnerabilities in Mozilla Products (Thunderbird 1.5.0.9) > MFSA 2006-74
Mozilla Foundation Security Advisory 2006-74
Title: Mail header processing heap overflows
Impact: Critical
Announced: December 19, 2006
Reporter: Georgi Guninski, David Bienvenu
Products: Thunderbird, SeaMonkey
Fixed in: Thunderbird 1.5.0.9
SeaMonkey 1.0.7
Description
Georgi Guninski reported that long Content-Type headers in external message bodies could cause a heap buffer overflow when processing mail headers. While working on that code David Bienvenu discovered a similar overflow could occur when processing long rfc2047-encoded headers.
Either overflow could be exploited to execute arbitrary code.
Workaround
None, upgrade to a fixed version immediately.
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=362213
- https://bugzilla.mozilla.org/show_bug.cgi?id=362512
- CVE-2006-6505