Mozilla Foundation Security Advisory 2006-74

Mail header processing heap overflows

Announced: December 19, 2006
Reporter: Georgi Guninski, David Bienvenu
Impact: Critical
Products: SeaMonkey, Thunderbird
Fixed in:
  • SeaMonkey 1.0.7
  • Thunderbird 1.5.0.9

Description

Georgi Guninski reported that long Content-Type headers in external message bodies could cause a heap buffer overflow when processing mail headers. While working on that code, David Bienvenu discovered that a similar overflow could occur when processing long RFC 2047-encoded headers.

Either overflow could be exploited to execute arbitrary code.
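
A triage check for the two header conditions described above, added here as an example and not part of the Mozilla advisory or the fixed code. The function name, the `MAX_CTYPE` threshold and both sample messages are assumptions constructed for illustration; the 75-character encoded-word limit comes from RFC 2047.

```python
import email
import re

MAX_ENCODED_WORD = 75   # RFC 2047: one encoded-word may not exceed 75 characters
MAX_CTYPE = 256         # assumed local threshold; the advisory gives no length
ENCODED_WORD = re.compile(r"=\?[^?\s]+\?[bBqQ]\?[^?\s]*\?=")


def audit_mail_headers(raw: bytes):
    """Return (reason, header name, length) tuples for suspicious headers."""
    findings = []
    for part in email.message_from_bytes(raw).walk():
        # Case 1: Content-Type inside the body of a message/external-body part.
        if part.get_content_type() == "message/external-body" and part.is_multipart():
            inner = part.get_payload(0)
            ctype = str(inner.get("Content-Type", ""))
            if len(ctype) > MAX_CTYPE:
                findings.append(("long-external-body-content-type", "Content-Type", len(ctype)))
        # Case 2: over-long RFC 2047 encoded-words in any header of any part.
        for name, value in part.items():
            for word in ENCODED_WORD.findall(str(value)):
                if len(word) > MAX_ENCODED_WORD:
                    findings.append(("long-rfc2047-encoded-word", name, len(word)))
    return findings


# Constructed sample messages (not taken from the advisory or any real mail).
SUSPICIOUS = (
    b"From: a@example.com\r\n"
    b"Subject: =?utf-8?B?" + b"QUFB" * 30 + b"?=\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: message/external-body; access-type=local-file; name=x\r\n"
    b"\r\n"
    b"Content-Type: application/octet-stream; name=" + b"A" * 300 + b"\r\n"
    b"\r\n"
)
BENIGN = (
    b"From: a@example.com\r\n"
    b"Subject: =?utf-8?B?SGVsbG8=?=\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"hello\r\n"
)

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, audit_mail_headers(raw))
```

Findings only mark messages for review on a mail store or gateway; they do not change what an unpatched client does when it opens the message.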

Workaround

None. Upgrade to a fixed version immediately.