Mozilla

Mozilla

Mozilla Foundation Security Advisory 2006-74

Mail header processing heap overflows

Announced
December 19, 2006
Reporter
Georgi Guninski, David Bienvenu
Impact
Critical
Products
SeaMonkey, Thunderbird
Fixed in
  • SeaMonkey 1.0.7
  • Thunderbird 1.5.0.9

Description

Georgi Guninski reported that long Content-Type headers in external message bodies could cause a heap buffer overflow when processing mail headers. While working on that code David Bienvenu discovered a similar overflow could occur when processing long rfc2047-encoded headers.

Either overflow could be exploited to execute arbitrary code.

Workaround

None, upgrade to a fixed version immediately.

References