Info

Disclosure

Jan 17, 2006

Discovery

Jul 01, 2005

Dates

Exploit

Unknown

Solution

Unknown

Description

Mozilla Thunderbird contains a flaw related to the way it handles attachment file names that may allow an attacker to trick a user into downloading dangerous content.

Classification

Location: Remote / Network Access
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Upgrade to version 1.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Mozilla Organization

Thunderbird

1.5 beta 2

References

Secunia Advisory ID: 15907
Bugtraq ID: 16271
SCIP VulDB ID: 1986
CVE ID: 2006-0236 (see also: NVD)
ISS X-Force ID: 24164
VUPEN Advisory: ADV-2006-0230
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0569.html
Vendor Specific Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:021
Other Advisory URL: http://secunia.com/secunia_research/2005-22/advisory/
Vendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=300246

Credit

Andreas Sandblad - assecunia.com - Secunia Research

Direct URL: http://osvdb.org/22510