Mozilla Products DoS Vulnerability June-09 (Win) Network Vulnerability

Summary

The host is installed with Thunderbird/Seamonkey and is prone to Denial of Service vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary code via e-mail messages, and results in Denial of Service condition. Impact Level: Application

Solution

Upgrade to Seamonkey version 1.1.17 http://www.seamonkey-project.org/releases Upgrade to Thunderbird version 2.0.0.22 http://www.mozillamessaging.com/en-US/thunderbird/all.html

Insight

The flaw exists when application fails to handle user input messages via a multipart or alternative e-mail message containing a text or enhanced part that triggers access to an incorrect object type.

Affected

Seamonkey version prior to 1.1.17 and Thunderbird version prior to 2.0.0.22 on Windows.

References

http://www.mozilla.org/security/announce/2009/mfsa2009-33.html
http://xforce.iss.net/xforce/xfdb/51315

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2210

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

BlackIce DoS (ping flood)
Asterisk IAX2 Call Number Exhaustion DOS Vulnerability (Linux)
Adobe Reader PDF Handling Denial Of Service Vulnerability (Linux)
ActFax LPD/LPR Server Denial of Service Vulnerability
CA kmxfw.sys Code Execution and DoS Vulnerabilities

Take action and discover your vulnerabilities