Overview
Mozilla mail products contain a heap buffer overflow vulnerability in the way they process Content-Type headers. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Description
Mozilla Thunderbird and SeaMonkey contain a buffer overflow vulnerability. Both applications fail to properly process long Content-Type headers in external message bodies. |
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system |
Solution
Upgrade Mozilla has addressed these vulnerabilities in Thunderbird 1.5.0.9 and SeaMonkey 1.0.7. |
Vendor Information
887332
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was reported in Mozilla Foundation Security Advisory 2006-74. Mozilla credits Georgi Guninski.
This document was written by Katie Steiner.
Other Information
| CVE IDs: | CVE-2006-6505 |
| Severity Metric: | 26.72 |
| Date Public: | 2006-12-19 |
| Date First Published: | 2006-12-20 |
| Date Last Updated: | 2007-01-31 21:54 UTC |
| Document Revision: | 31 |