You are here: Known Vulnerabilities in Mozilla Products (Thunderbird 0.9) > MFSA 2005-06

Mozilla Foundation Security Advisory 2005-06

Title: Heap overrun handling malicious news: URL
Severity: High
Reporter: Maurycy Prodeus (iSEC Security Research)
Products: Thunderbird, Mozilla Suite

Fixed in: Thunderbird 0.9
  Mozilla Suite 1.7.5

Description

Maurycy Prodeus of iSEC Security Research reports a heap overrun in processing certain news: URLs. Thunderbird and the Mozilla Suite are affected; Firefox does not support the news: scheme.

Workaround

Upgrade to fixed version.

References