Mozilla.Thunderbird.File.Attachment.Spoofing

description-logoDescription

GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code, via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment.

affected-products-logoAffected Products

Mozilla Thunderbird version 1.0.7 (Windows) and prior.

Impact logoImpact

Execute arbitrary code.

recomended-action-logoRecommended Actions

Upgrade to Mozilla Thunderbird version 1.5 :
http://www.mozilla.com/thunderbird/

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2018-11-06 13.485