You are here: Known Vulnerabilities in Mozilla Products (Thunderbird 1.5.0.14) > MFSA 2007-40
Mozilla Foundation Security Advisory 2007-40
Title: Upgraded Thunderbird 1.5.0.13 missing fix for MFSA 2007-23
Impact: Critical
Announced: December 19, 2007
Reporter: Stephen Donner
Products: Thunderbird 1.5.0.13
Fixed in: Thunderbird 1.5.0.14
Description
Mozilla tester Stephen Donner reported that only users
who installed Thunderbird 1.5.0.13 using the install package received
the fix for MFSA 2007-23. Users who upgraded
to Thunderbird 1.5.0.13 from an earlier version using the automatic update
mechanism were not protected. If those users browsed the internet using
Internet Explorer or another similarly affected program and clicked on a
malicious mailto:
link the attacker could potentially execute
arbitrary code.
Workaround
Mozilla highly recommends using Firefox to browse the web to prevent attackers from exploiting this problem in Internet Explorer.