Re: Mozilla Thunderbird : Remote Code Execution & Denial of Service

["ad () heapoverflow com" <ad () heapoverflow com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
tu dois vraiment avoir rien à faire pour chercher des bugs dans une
version perimée , loul :->

Renaud Lifchitz wrote:
> Mozilla Thunderbird : Remote Code Execution & Denial of Service
>
> //----- Advisory
>
>
> Program          : Mozilla Thunderbird Homepage         :
> http://www.mozilla.com/thunderbird/ Tested version   : <= 1.0.7
> Found by         : nono2357 at sysdream dot com This advisory    :
> nono2357 at sysdream dot com Discovery date   : 2006/01/28
>
>
> //----- Application description
>
>
> Full-Featured Email
>
> Simple to use, powerful, and customizable, Thunderbird is a
> full-featured email application. Thunderbird supports IMAP and POP
> mail protocols, as well as HTML mail formatting. Easily import your
> existing email accounts and messages. Built-in RSS capabilities,
> powerful quick search, spell check as you type, global inbox,
> deleting attachments and advanced message filtering round out
> Thunderbird's modern feature set.
>
>
> //----- Description of vulnerability
>
>
> Thunderbird's WYSIWYG rendering engine insufficiently filters
> javascript scripts. It is possible to write javascript in the SRC
> attribute of the IFRAME tag. This leads to execution when the email
> is edited (for instance when replying to the email), even if
> javascript is disabled in the preferences.
>
>
> //----- Proof Of Concept
>
>
> * Javascript execution :
>
> <html> <body> <iframe src="javascript:alert('Found by
> www.sysdream.com !')"></iframe> </body> </html>
>
> * Denial of service (application crash) :
>
> <html> <body> <iframe src="javascript:parent.document.write('Found
> by www.sysdream.com !')"></iframe> </body> </html>
>
>
> //----- Solution
>
>
> Upgrade to version 1.5.
>
> Download page : http://www.mozilla.com/thunderbird/all.html Direct
> link :
> http://ftp.mozilla.org/pub/mozilla.org/thunderbird/releases/1.5/
>
>
> //----- Impact
>
>
> Successful exploitation may lead to information disclosure
> (application version, platform, user emails, user preferences, ...)
> or could crash the application.
>
>
> //----- Credits
>
>
> http://www.sysdream.com nono2357 at sysdream dot com
>
>
> //----- Greetings
>
>
> crashfr & the hackademy ...
>
>
>
> _______________________________________________ Full-Disclosure -
> We believe in it. Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
> sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
 
iQIVAwUBQ/zYha+LRXunxpxfAQLVJw/9ElEn3ACHtmNK07X5dQLWaV7Sj1bSg9TF
i6eyhrvjFoqHRDFL+ZKPGS6Z9xSRV6SQ8fMruOwBHXaagcxyBFmPbtWA6OzUfYI3
sJKYWZiH0pEvdH9l5H5ZkxBrSZQ8mI+nKjR0D1thPSHPu0sNR5Oj+b4438SPoUif
0ZLN1UyxEIIPUS8pS42Bv2k6JKHl8cZ8q5D4k49u0gVP+Y0Gdz9D5w3mEDYbgSFC
ROtIPuL9ARLN0MUeHYGIMhOfZefz5qP0GweNZDuK8dcJ9pyCc5gIvGeAK+Sa0cJ/
AY23GNwJQvcV3SRGfDaXergznAU5lg8NXq27z7wUzj/hmj11SS9rABLnKDFGZRj5
draGKg433VOCKJYwG7xH2xRkPrZOh4gbwn2/GLVU82702AsBsiWP5IRlGJ9K4uY0
A7pTgfBMGAgwcoouIqTxgrZd0pQPxgJ28TYg1DgdfACMp6wmU+8iWTKkivXcJIaT
Qu33F+wZwS9jEE7ID3D14QCqlPfNg1drVpY3m/G6M08bCnxe1hyEOAIG141HIJUN
gycXz4pNIP9gS6GhhG0epZKkIstYRjDOwwMFmu1MaR/O6u/wwX/gzED6S3LooVi1
OVmbpbwy3+Hv+mxcftomQcXUwv1lDMWlz2vjWDwdx9dpLlTvZI15CVk/jabUIEjL
Tjzxv9mQu5w=
=jhOg
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/