TITLE:
Mozilla Thunderbird Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA21939

VERIFY ADVISORY:
http://secunia.com/advisories/21939/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, DoS, System access

WHERE:
From remote

SOFTWARE:
Mozilla Thunderbird 1.5.x
http://secunia.com/product/4652/
Mozilla Thunderbird 1.0.x
http://secunia.com/product/9735/
Mozilla Thunderbird 0.x
http://secunia.com/product/2637/

DESCRIPTION:
Some vulnerabilities have been reported in Mozilla Thunderbird, which
can be exploited by malicious people to conduct man-in-the-middle
attacks, bypass certain security restrictions, and potentially
compromise a user's system.

The problem is that scripts in remote XBL files in e-mails can be
executed even when JavaScript has been disabled (JavaScript is
disabled by default). This can be exploited to cause JavaScript code
to be executed whenever the HTML content of an e-mail is being
viewed, forwarded, or replied to. This may also enable exploitation
of vulnerabilities requiring JavaScript.

Successful exploitation requires that the "Load Images" setting is
enabled.

Some other vulnerabilities have also been reported.

For more information:
SA21903

And vulnerabilities #1, #2, #3, and #7 in:
SA21906

NOTE: Exploitation of some of the vulnerabilities requires that
JavaScript is enabled.

SOLUTION:
Update to version 1.5.0.7.
http://www.mozilla.com/thunderbird/

PROVIDED AND/OR DISCOVERED BY:
Georgi Guninski

ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/2006/mfsa2006-63.html

OTHER REFERENCES:
SA21903:
http://secunia.com/advisories/21903/

SA21906:
http://secunia.com/advisories/21906/
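A mail-gateway style check for the remote XBL issue described above, as an added example that is not part of the Secunia advisory or Mozilla's code: it flags HTML parts of a message that reference a remote XBL binding. It assumes the binding is attached through the `-moz-binding` CSS property, which the advisory does not name; the sample messages and `example.invalid` hosts are constructed.

```python
import html
import re
from email import message_from_string

# -moz-binding is the CSS property Gecko used to attach an XBL binding (an
# assumption here: the advisory does not name it). Only remote URLs are flagged.
BINDING_RE = re.compile(
    r"-moz-binding\s*:\s*url\(\s*['\"]?\s*((?:https?|ftp):[^'\")\s]+)",
    re.IGNORECASE,
)
CSS_COMMENT_RE = re.compile(r"/\*.*?\*/", re.DOTALL)


def remote_xbl_bindings(raw_message: str) -> list[str]:
    """Return remote URLs referenced by -moz-binding in the HTML parts."""
    hits: list[str] = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        # decode=True undoes base64 / quoted-printable, so a property name
        # split by a soft line break on the wire is rejoined before matching.
        raw = part.get_payload(decode=True) or b""
        try:
            text = raw.decode(part.get_content_charset() or "utf-8", "replace")
        except LookupError:  # unknown charset label
            text = raw.decode("utf-8", "replace")
        # Resolve HTML entities and drop CSS comments placed between tokens.
        text = CSS_COMMENT_RE.sub("", html.unescape(text))
        hits.extend(BINDING_RE.findall(text))
    return hits


# Constructed sample messages (not taken from the advisory).
SAMPLE_FLAGGED = (
    "MIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n"
    "Content-Transfer-Encoding: quoted-printable\n"
    "\n"
    '<div style=3D"-moz-bin=\n'
    'ding: url(http://xbl.example.invalid/b.xml#x)">hi</div>\n'
)
SAMPLE_CLEAN = (
    "MIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    '<p style="color: red">hi</p>\n'
)
```

A pattern match on the undecoded message would miss the first sample because the quoted-printable soft line break splits the property name. This check is a stopgap for triage; the fix remains the update to 1.5.0.7.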