Mozilla patches critical Thunderbird flaw

By

Users are being urged to update their copies of Mozilla's Thunderbird and SeaMonkey email applications after the disclosure of a serious security flaw..

Mozilla patches critical Thunderbird flaw
The advisory warns of a 'critical' flaw in the two applications which could allow an attacker to remotely execute code on compromised systems.

Mozilla said that the vulnerability lies in the way Thunderbird handles Mime content in email messages.

By sending a specially crafted message, an attacker could trigger a buffer overflow error which would leave the user vulnerable to the remote installation and launch of malware.

Discovery of the flaw was credited to a security researcher using the name 'regenrecht', who reported the vulnerability in January via iDefense.

The vulnerability is patched in Thunderbird 2.0.0.12 and SeaMonkey 1.1.8. The US Computer Emergency Response Team recommended that users update to the latest versions of both applications.

Users can also patch the flaw by changing the application's 'mailnews.display.disallow_mime_handlers' property to any value greater than three.

News of the vulnerability comes just one week after Mozilla spun off Thunderbird into a subsidiary company known as Mozilla Messaging.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift

WhatsApp banned on US House of Representatives devices

WhatsApp banned on US House of Representatives devices

Victoria's first government tech chief steps down

Victoria's first government tech chief steps down

Log In

  |  Forgot your password?