Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an unspecified denial of service by tricking the user into importing an LDIF file with a long field into the address book, as demonstrated by a long homePhone field.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Thunderbird | Mozilla | 1.5 (including) | 1.5 (including) |
| Mozilla-thunderbird | Ubuntu | dapper | * |
| Mozilla-thunderbird | Ubuntu | edgy | * |
| Mozilla-thunderbird | Ubuntu | feisty | * |
| Mozilla-thunderbird | Ubuntu | upstream | * |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0399.html
- http://securityreason.com/securityalert/469
- http://www.securityfocus.com/archive/1/425602/100/0/threaded
- http://www.securityfocus.com/bid/16716
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24810
- http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0399.html
- http://securityreason.com/securityalert/469
- http://www.securityfocus.com/archive/1/425602/100/0/threaded
- http://www.securityfocus.com/bid/16716
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24810