Mozilla Foundation Security Advisory 2006-74

Mail header processing heap overflows

Announced: December 19, 2006
Reporter: Georgi Guninski, David Bienvenu
Impact: Critical
Products: SeaMonkey, Thunderbird
Fixed in:
  • SeaMonkey 1.0.7
  • Thunderbird 1.5.0.9

Description

Georgi Guninski reported that long Content-Type headers in external message bodies could cause a heap buffer overflow when processing mail headers. While working on that code, David Bienvenu discovered that a similar overflow could occur when processing long RFC 2047-encoded headers.

Either overflow could be exploited to execute arbitrary code.
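For triaging stored or inbound mail, the following added example (not part of the advisory or of Mozilla's code) flags the two header shapes described above. The advisory gives no trigger lengths, so `MAX_CONTENT_TYPE` is an assumed policy threshold; the 75-character encoded-word limit comes from RFC 2047. The function names and sample messages are constructed for illustration.

```python
import re

# Assumed policy thresholds; the advisory does not state any lengths.
MAX_CONTENT_TYPE = 1024   # bytes, unfolded Content-Type header (assumption)
MAX_ENCODED_WORD = 75     # RFC 2047 limit on a single encoded-word

ENCODED_WORD = re.compile(rb"=\?[^?\s]+\?[BbQq]\?[^?\s]*\?=")

def unfold(raw: bytes):
    """Yield logical lines, joining folded continuation lines (leading SP/TAB)."""
    current = None
    for line in raw.replace(b"\r\n", b"\n").split(b"\n"):
        if current is not None and line[:1] in (b" ", b"\t"):
            current += line
        else:
            if current is not None:
                yield current
            current = line
    if current is not None:
        yield current

def scan_message(raw: bytes):
    """Return a list of (reason, length) findings for one raw message."""
    findings = []
    for line in unfold(raw):
        # Matches Content-Type anywhere in the message, including the header
        # block carried inside a message/external-body part.
        if line[:13].lower() == b"content-type:" and len(line) > MAX_CONTENT_TYPE:
            findings.append(("long-content-type", len(line)))
        for m in ENCODED_WORD.finditer(line):
            if len(m.group()) > MAX_ENCODED_WORD:
                findings.append(("long-encoded-word", len(m.group())))
    return findings

# Constructed sample messages for demonstration only.
BENIGN = (b"Subject: =?UTF-8?B?SGVsbG8=?=\r\n"
          b"Content-Type: text/plain; charset=utf-8\r\n\r\nhi\r\n")
SUSPECT = (b"Subject: =?UTF-8?Q?" + b"A" * 300 + b"?=\r\n"
           b"Content-Type: message/external-body; access-type=URL\r\n\r\n"
           b"Content-Type: text/plain;\r\n name=\"" + b"x" * 2000 + b"\"\r\n\r\n")

if __name__ == "__main__":
    for name, msg in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, scan_message(msg))
```

The scan works on raw bytes rather than a MIME library so that measured lengths reflect what a client would actually receive.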

Workaround

None. Upgrade to a fixed version immediately.
