Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > March 2006 > AUSCERT Advisory: AA-2006.0021 - Mozilla Thunderbird 1.0.7 and earlier allow remote code execution

March 2006

AUSCERT Advisory: AA-2006.0021 - Mozilla Thunderbird 1.0.7 and earlier allow remote code execution

ID: 00184
Ref: 184/2006
Date: 07 March 2006:14:38:37
Version: 1
Title: AUSCERT Advisory: AA-2006.0021 - Mozilla Thunderbird 1.0.7 and earlier allow remote code execution
Abstract: Mozilla Thunderbird 1.0.7 and prior are vulnerable to execution of Javascript code referenced in IFRAME tags. Further details are available from the original advisory on BugTraq [1].
Vendors affected: Auscert
Operating systems affected: Auscert
Applications affected: Auscert
Title
=====

AUSCERT Advisory: AA-2006.0021 - Mozilla Thunderbird 1.0.7 and earlier allow
remote code execution

Detail
======

Mozilla Thunderbird 1.0.7 and prior are vulnerable to execution of
Javascript code referenced in IFRAME tags. Further details are
available from the original advisory on BugTraq [1].


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
AA-2006.0021 AUSCERT Advisory

[Win][UNIX/Linux]
Mozilla Thunderbird 1.0.7 and earlier allow remote code execution
7 March 2006
- - ---------------------------------------------------------------------------

AusCERT Advisory Summary
------------------------

Product: Mozilla Thunderbird 1.0.7 and earlier
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact: Execute Arbitrary Code/Commands
Denial of Service
Access: Remote/Unauthenticated
CVE Names: CVE-2006-0884

OVERVIEW:

Mozilla Thunderbird 1.0.7 and prior are vulnerable to execution of
Javascript code referenced in IFRAME tags. Further details are
available from the original advisory on BugTraq [1].


IMPACT:

A remote attacker may be able to obtain sensitive information or crash
Thunderbird.


MITIGATION:

Upgrade to Mozilla Thunderbird 1.5 [2].


REFERENCES:

[1] http://www.securityfocus.com/archive/1/archive/1/425786/100/0/threaded
[2] http://www.mozilla.com/thunderbird/

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

http://www.auscert.org.au/render.html?it=3192


iQCVAwUBRAzbSSh9+71yA2DNAQIq1wP/ZT5GlSuVgFcFGuGUh6ccnx/81+B4Vc46
luko08cWleJDH5m3vc7sheu6ikB2ivv8KhyjxieIfPT9gsmopKFEsLd1x7mm1pxF
JEYHN0eIZFN3SPCXaiiHZJx9TKr5bcVVpSEzeCG4UY6mRtQfMPJ9sTjhCyf1VV24
CLGK3/vFv8g=
=fPp4
- -----END PGP SIGNATURE-----

  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |