Vulnerability : several Problem type : remote Debian-specific: no CVE IDs : CVE-2005-2353 CVE-2005-4134 CVE-2006-0292 CVE-2006-0293 CVE-2006-0296 CVE-2006-0748 CVE-2006-0749 CVE-2006-0884 CVE-2006-1045 CVE-2006-1529 CVE-2006-1530 CVE-2006-1531 CVE-2006-1723 CVE-2006-1724 CVE-2006-1727 CVE-2006-1728 CVE-2006-1729 CVE-2006-1730 CVE-2006-1731 CVE-2006-1733 CVE-2006-1734 CVE-2006-1735 CVE-2006-1736 CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1741 CVE-2006-1742 CVE-2006-1790 CERT advisories: VU#179014 VU#252324 VU#329500 VU#350262 VU#488774 VU#492382 VU#592425 VU#736934 VU#813230 VU#842094 VU#932734 VU#935556 BugTraq IDs : 15773 16476 16476 16770 16881 17516
Several security related problems have been discovered in Mozilla Thunderbird. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:
CVE-2005-2353
The "run-mozilla.sh" script allows local users to create or
overwrite arbitrary files when debugging is enabled via a symlink
attack on temporary files.
CVE-2005-4134
Web pages with extremely long titles cause subsequent launches of
the browser to appear to "hang" for up to a few minutes, or even
crash if the computer has insufficient memory. [MFSA-2006-03]
CVE-2006-0292
The Javascript interpreter does not properly dereference objects,
which allows remote attackers to cause a denial of service or
execute arbitrary code. [MFSA-2006-01]
CVE-2006-0293
The function allocation code allows attackers to cause a denial of
service and possibly execute arbitrary code. [MFSA-2006-01]
CVE-2006-0296
XULDocument.persist() did not validate the attribute name,
allowing an attacker to inject arbitrary XML and JavaScript code
into localstore.rdf that would be read and acted upon during...
1.0.2-2.sarge1.0.8