The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ubuntu_linux | Ubuntu | * | 5.10 (including) |
| Ubuntu_linux | Ubuntu | * | 6.06_lts (including) |
| Ubuntu_linux | Ubuntu | * | 6.10 (including) |
| Enigmail | Ubuntu | dapper | * |
| Enigmail | Ubuntu | devel | * |
| Enigmail | Ubuntu | edgy | * |
| Enigmail | Ubuntu | feisty | * |
References
- http://bugzilla.mozdev.org/show_bug.cgi?id=9730
- http://enigmail.mozdev.org/changelog.html#enig0.94.2
- http://www.securityfocus.com/bid/22684
- http://www.ubuntu.com/usn/usn-427-1
- http://bugzilla.mozdev.org/show_bug.cgi?id=9730
- http://enigmail.mozdev.org/changelog.html#enig0.94.2
- http://www.securityfocus.com/bid/22684
- http://www.ubuntu.com/usn/usn-427-1