Security Advisories for Thunderbird 1.0
Thunderbird 1.0 is no longer supported and the last update, Thunderbird 1.0.8, is affected by several vulnerabilities fixed in newer versions of the program. All users are urged to upgrade to the newest version of Firefox.
- Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
- High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
- Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
- Low: Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have "High" impact because those are generally used to steal sensitive data intended for other sites.)
Fixed in Thunderbird 1.0.8
MFSA 2006-27 Table Rebuilding Code Execution Vulnerability
MFSA 2006-26 Mail Multiple Information Disclosure
MFSA 2006-25 Privilege escalation through Print Preview
MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
MFSA 2006-19 Cross-site scripting using .valueOf.call()
MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability
MFSA 2006-17 cross-site scripting through window.controllers
MFSA 2006-16 Accessing XBL compilation scope via valueOf.call()
MFSA 2006-14 Privilege escalation via XBL.method.eval
MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)
MFSA 2006-05 Localstore.rdf XML injection through XULDocument.persist()
Fixed in Thunderbird 1.0.7
MFSA 2005-59 Command-line handling on Linux allows shell execution
MFSA 2005-58 Firefox 1.0.7 / Mozilla Suite 1.7.12 Vulnerability Fixes
Fixed in Thunderbird 1.0.5/1.0.6
MFSA 2005-56 Code execution through shared function objects
MFSA 2005-55 XHTML node spoofing
MFSA 2005-52 Same origin violation: frame calling top.focus()
MFSA 2005-50 Exploitable crash in InstallVersion.compareTo()
MFSA 2005-44 Privilege escalation via non-DOM property overrides
MFSA 2005-41 Privilege escalation via DOM property overrides
MFSA 2005-40 Missing Install object instance checks
Fixed in Thunderbird 1.0.2
MFSA 2005-30 GIF heap overflow parsing Netscape extension 2
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host