Mail header processing heap overflows
- December 19, 2006
- Georgi Guninski, David Bienvenu
- SeaMonkey, Thunderbird
- Fixed in
- SeaMonkey 1.0.7
- Thunderbird 126.96.36.199
Georgi Guninski reported that long Content-Type headers in external message bodies could cause a heap buffer overflow when processing mail headers. While working on that code David Bienvenu discovered a similar overflow could occur when processing long rfc2047-encoded headers.
Either overflow could be exploited to execute arbitrary code.
None, upgrade to a fixed version immediately.