Package name
mozilla-thunderbird
Date
2006-01-25
Advisory ID
MDKSA-2006:021
Affected versions
2006.0 i586, 2006.0 x86_64

Problem description

A GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6,
and 1.0.7 allows user-complicit attackers to execute arbitrary code. The
attack uses an attachment whose filename contains a large number of spaces
followed by a dangerous extension that Thunderbird does not display, combined
with an inconsistent Content-Type header. This could be used to trick a user
into downloading dangerous content by dragging or saving the attachment.

The updated packages have been patched to correct this problem.
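
For mail gateways or triage scripts, the pattern described above can be checked on the message itself. The following is an added example, not part of the advisory or of Thunderbird; the extension list, the padding threshold, the set of "benign" major types and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import Message

# Assumed for this example: extension list, padding threshold, benign major types.
DANGEROUS_EXTS = {".exe", ".scr", ".pif", ".bat", ".cmd", ".com", ".vbs", ".js"}
PADDING = re.compile(r"\s{10,}")
BENIGN_MAJOR_TYPES = {"text", "image", "audio", "video"}


def check_attachment(part: Message) -> list[str]:
    """Return the reasons a MIME part matches the pattern in the advisory."""
    name = part.get_filename()
    if not name:
        return []
    stem, dot, ext = name.rpartition(".")
    ext = (dot + ext).strip().lower()
    if not dot or ext not in DANGEROUS_EXTS:
        return []
    reasons = []
    if PADDING.search(stem):
        reasons.append("whitespace-padded dangerous extension")
    if part.get_content_maintype() in BENIGN_MAJOR_TYPES:
        reasons.append("Content-Type inconsistent with extension")
    return reasons


def scan(raw: str) -> dict[str, list[str]]:
    """Map each flagged attachment filename to its reasons."""
    findings = {}
    for part in message_from_string(raw).walk():
        reasons = check_attachment(part)
        if reasons:
            findings[part.get_filename()] = reasons
    return findings


# Constructed sample message: one padded attachment, one ordinary one.
PADDED_NAME = "invoice.txt" + " " * 40 + ".exe"
SAMPLE = (
    'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="B"\n\n'
    "--B\nContent-Type: text/plain\n"
    f'Content-Disposition: attachment; filename="{PADDED_NAME}"\n\nplaceholder\n'
    "--B\nContent-Type: application/pdf\n"
    'Content-Disposition: attachment; filename="report.pdf"\n\nplaceholder\n'
    "--B--\n"
)

if __name__ == "__main__":
    for name, reasons in scan(SAMPLE).items():
        print(repr(name), reasons)
```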

Updated packages

2006.0 i586

 ec5571737dd8a0908f6532d657ccc378  2006.0/RPMS/mozilla-thunderbird-1.0.6-7.3.20060mdk.i586.rpm
 6ad6aa5666f6ba499c3e78a9e24f4917  2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.3.20060mdk.i586.rpm
 a89fceffe0e0429c634b0b76120ee36a  2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.3.20060mdk.i586.rpm
 8babd434a3fe12a7134239ca36658743  2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.3.20060mdk.src.rpm

2006.0 x86_64

 5df5db7c2e45cf30d3d5f0209a7b0cd8  x86_64/2006.0/RPMS/mozilla-thunderbird-1.0.6-7.3.20060mdk.x86_64.rpm
 58595fbd0a66345df85e4e586ee2bbd8  x86_64/2006.0/RPMS/mozilla-thunderbird-enigmail-1.0.6-7.3.20060mdk.x86_64.rpm
 351d08e5ca2c990fd6496f857b2b1fb0  x86_64/2006.0/RPMS/mozilla-thunderbird-enigmime-1.0.6-7.3.20060mdk.x86_64.rpm
 8babd434a3fe12a7134239ca36658743  x86_64/2006.0/SRPMS/mozilla-thunderbird-1.0.6-7.3.20060mdk.src.rpm

References