BID:22845

Mozilla Thunderbird/Seamonkey Rich Text Integer Overflow Vulnerability

Info

Mozilla Thunderbird/Seamonkey Rich Text Integer Overflow Vulnerability

Bugtraq ID:	22845
Class:	Boundary Condition Error
CVE:	CVE-2007-1282
Remote:	Yes
Local:	No
Published:	Mar 06 2007 12:00AM
Updated:	Jul 24 2007 06:55PM
Credit:	Georgi Guninski is credited with the discovery of this vulnerability.
Vulnerable:	Turbolinux wizpy 0 Turbolinux FUJI 0 Slackware Linux 10.2 Slackware Linux 11.0 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 IA64 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux Optional Productivity Application 5 server Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Redhat Desktop 4.0 Redhat Desktop 3.0 Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 Redhat Advanced Workstation for the Itanium Processor 2.1 Mozilla Thunderbird 1.5 beta 2 Mozilla Thunderbird 1.5 .9 Mozilla Thunderbird 1.5 Mozilla Thunderbird 1.0.8 Mozilla Thunderbird 1.0.7 Mozilla Thunderbird 1.0.6 Mozilla Thunderbird 1.0.5 Mozilla Thunderbird 1.0.2 Mozilla Thunderbird 1.0.1 Mozilla Thunderbird 1.0 Mozilla Thunderbird 0.9 Mozilla Thunderbird 0.8 Mozilla Thunderbird 0.7.3 Mozilla Thunderbird 0.7.2 Mozilla Thunderbird 0.7.1 Mozilla Thunderbird 0.7 Mozilla Thunderbird 0.6 Mozilla Thunderbird 1.5.0.8 Mozilla Thunderbird 1.5.0.7 Mozilla Thunderbird 1.5.0.5 Mozilla Thunderbird 1.5.0.4 Mozilla Thunderbird 1.5.0.2 Mozilla Thunderbird 1.5.0.1 Mozilla SeaMonkey 1.0.7 Mozilla SeaMonkey 1.0.6 Mozilla SeaMonkey 1.0.5 Mozilla SeaMonkey 1.0.3 Mozilla SeaMonkey 1.0.2 Mozilla SeaMonkey 1.0.1 Mozilla SeaMonkey 1.0 dev Mozilla SeaMonkey 1.0 Mozilla Firefox 1.0.4 Gentoo Linux Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1

Not Vulnerable:	Mozilla Thunderbird 1.5.0.10 Mozilla SeaMonkey 1.0.8

Discussion

Mozilla Thunderbird/Seamonkey Rich Text Integer Overflow Vulnerability

Thunderbird and Seamonkey are prone to an integer-overflow vulnerability because they fail to handle excessively large specially formatted email messages.

A remote attacker can exploit this issue to execute arbitrary code; failed exploit attempts will likely result in denial-of-service conditions.

This issue affects Thunderbird versions prior to 1.5.0.10 and Seamonkey versions prior to 1.0.8.

Exploit / POC

Mozilla Thunderbird/Seamonkey Rich Text Integer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Solution / Fix

Mozilla Thunderbird/Seamonkey Rich Text Integer Overflow Vulnerability

Solution:
The vendor has released Thunderbird 1.5.0.10 and Seamonkey 1.0.8 to address this issue.

Mozilla Thunderbird 1.5.0.5