
T-652: Mozilla Thunderbird Bugs Let Remote Users Obtain Cookies and Execute Arbitrary Code

June 22, 2011 - 2:55pm


PROBLEM:

Multiple vulnerabilities were reported in Mozilla Thunderbird. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can obtain cookies from another domain in certain cases. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system [CVE-2011-2364, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376]. The code will run with the privileges of the target user.

PLATFORM:

Mozilla Thunderbird prior to 3.1.11

ABSTRACT:

A remote user can create a specially crafted XUL document that, when loaded by the target user, will access deleted memory (while JavaScript is disabled) and potentially execute arbitrary code on the target system [CVE-2011-2373].

A remote user can create multipart/x-mixed-replace images that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code [CVE-2011-2377].

A remote user can create a JavaScript Array object with the length set to an extremely large value and then call the reduceRight method to execute arbitrary code [CVE-2011-2371].

A remote user can create a specially crafted XUL document that, when loaded by the target user, will trigger a dangling pointer error (use-after-free) and execute arbitrary code [CVE-2011-0083, CVE-2011-0085, CVE-2011-2363]. Firefox 3.x is affected.

A remote user can set a cookie for a target domain followed by a period character (e.g., 'example.com.') to obtain cookies from another domain (e.g., 'example.com') [CVE-2011-2362]. Firefox 3.x is affected.
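The trailing-period issue above comes down to host-name canonicalisation: "example.com." is the fully-qualified DNS spelling of "example.com", so a cookie store that keys scopes by the raw string ends up with two scopes for one name, and a policy decision made about one spelling says nothing about the other. The following is an added illustration written from the defender's side; it is not code from the advisory or from Mozilla, and every name in it (canonicalizeHost, domainMatches, naiveScopeKey, canonicalScopeKey, CookieJar) is this example's own. It shows the weak keying beside the corrected one and a minimal cookie jar built on the corrected form, with the RFC 6265 domain-match rule applied to canonical names.

```javascript
// Added example (not from the advisory or from Mozilla): canonicalise host
// names and cookie Domain attributes before using them as a cookie scope, so
// that "example.com." and "example.com" can never become two distinct scopes.

const LABEL = "[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?";
const HOST_RE = new RegExp(`^${LABEL}(?:\\.${LABEL})*$`);

// Canonical form: lower-cased, the leading dot RFC 6265 tolerates on Domain=
// removed, and exactly one trailing dot (the fully-qualified spelling) removed.
// Anything still malformed ("example..com", "example.com..", spaces) -> null.
function canonicalizeHost(name) {
  let h = String(name).trim().toLowerCase();
  if (h.startsWith(".")) h = h.slice(1);
  if (h.endsWith(".")) h = h.slice(0, -1);
  return HOST_RE.test(h) ? h : null;
}

// RFC 6265 section 5.1.3 domain-match, evaluated on canonical names: the
// request host equals the cookie domain or ends with "." + cookie domain.
function domainMatches(requestHost, cookieDomain) {
  const host = canonicalizeHost(requestHost);
  const dom = canonicalizeHost(cookieDomain);
  if (host === null || dom === null) return false;
  return host === dom || host.endsWith("." + dom);
}

// Weak keying (the behaviour to avoid): the raw string is the scope, so two
// spellings of one DNS name are two unrelated scopes.
function naiveScopeKey(host) {
  return String(host);
}

// Corrected keying: the canonical name is the scope, malformed input refused.
function canonicalScopeKey(host) {
  return canonicalizeHost(host);
}

// Minimal cookie jar on the corrected key. A cookie without a Domain attribute
// is host-only (sent to that exact host); with one, the setting host must
// domain-match the attribute, which stops one site scoping cookies to another.
class CookieJar {
  constructor() { this.byDomain = new Map(); }

  setCookie(settingHost, name, value, domainAttr) {
    const host = canonicalScopeKey(settingHost);
    if (host === null) return false;
    const hostOnly = domainAttr === undefined;
    const dom = hostOnly ? host : canonicalScopeKey(domainAttr);
    if (dom === null || !domainMatches(host, dom)) return false;
    if (!this.byDomain.has(dom)) this.byDomain.set(dom, new Map());
    this.byDomain.get(dom).set(name, { value, hostOnly });
    return true;
  }

  getCookies(requestHost) {
    const out = {};
    const host = canonicalizeHost(requestHost);
    if (host === null) return out;
    for (const [dom, cookies] of this.byDomain) {
      for (const [n, c] of cookies) {
        const ok = c.hostOnly ? host === dom : domainMatches(host, dom);
        if (ok) out[n] = c.value;
      }
    }
    return out;
  }
}

// Constructed usage: a host-only cookie set by the trailing-dot spelling lands
// in the same scope as the canonical name, because there is only one scope.
const jar = new CookieJar();
jar.setCookie("example.com.", "sid", "abc");
jar.setCookie("www.example.com", "pref", "1", "example.com");
console.log(jar.getCookies("example.com"));      // { sid: 'abc', pref: '1' }
console.log(jar.getCookies("www.example.com"));  // { pref: '1' }
console.log(naiveScopeKey("example.com.") === naiveScopeKey("example.com"));        // false
console.log(canonicalScopeKey("example.com.") === canonicalScopeKey("example.com")); // true
```

The design choice worth noting is that canonicalisation happens once, at the boundary, and both the scoping decision and the lookup run on the canonical form; applying the rule in only one of the two places is exactly how two spellings of a name drift apart.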

A remote user can obtain cookies from another domain in certain cases.

REFERENCE LINKS:

Mozilla Foundation Security Advisory 2011-19
SecurityTracker Alert ID: 1025686
Mozilla Foundation - Security Advisories

IMPACT ASSESSMENT:

High

Discussion:

Multiple vulnerabilities were reported in Mozilla Thunderbird. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can obtain cookies from another domain in certain cases.

Impact:

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system [CVE-2011-2364, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376]. The code will run with the privileges of the target user.
A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution:

The vendor has issued a fix (3.1.11).