Bug 576391 – CVE-2010-0163 seamonkey/thunderbird: crash when indexing certain messages with attachments

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 576391 - (CVE-2010-0163) CVE-2010-0163 seamonkey/thunderbird: crash when indexing certain messages with attachments

Summary:	CVE-2010-0163 seamonkey/thunderbird: crash when indexing certain messages wit...

Status:	CLOSED CURRENTRELEASE

Aliases:	CVE-2010-0163

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	high Severity high
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:	http://web.nvd.nist.gov/view/vuln/det...
Whiteboard:	impact=important,source=cve,reported=...
Keywords:	Security

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2010-03-23 18:48 EDT by Vincent Danen
Modified:	2016-09-20 08:00 EDT (History)
CC List:	7 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2012-02-09 06:20:46 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2010:0499	normal	SHIPPED_LIVE	Critical: seamonkey security update	2010-06-22 17:37:21 EDT

Groups: None (edit)

Description Vincent Danen 2010-03-23 18:48:01 EDT

Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0163 to
the following vulnerability:

Name: CVE-2010-0163
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0163
Assigned: 20100106
Reference: CONFIRM: http://www.mozilla.org/security/announce/2010/mfsa2010-07.html
Reference: CONFIRM: https://bugzilla.mozilla.org/show_bug.cgi?id=505221
Reference: UBUNTU:USN-915-1
Reference: URL: http://www.ubuntu.com/usn/USN-915-1
Reference: BID:38831
Reference: URL: http://www.securityfocus.com/bid/38831
Reference: SECUNIA:39001
Reference: URL: http://secunia.com/advisories/39001
Reference: VUPEN:ADV-2010-0648
Reference: URL: http://www.vupen.com/english/advisories/2010/0648
Reference: XF:thunderbird-messages-dos(56993)
Reference: URL: http://xforce.iss.net/xforce/xfdb/56993

Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19
process e-mail attachments with a parser that performs casts and line
termination incorrectly, which allows remote attackers to cause a
denial of service (application crash) or possibly execute arbitrary
code via a crafted message, related to message indexing.

Comment 1 Vincent Danen 2010-03-23 18:53:46 EDT

This would be corrected in Red Hat Enterprise Linux 5 via RHSA-2010-0153:

https://rhn.redhat.com/errata/RHSA-2010-0153.html

Comment 3 Vincent Danen 2010-03-24 17:54:59 EDT

A patch was applied to correct this in Red Hat Enterprise Linux 4 Thunderbird via RHSA-2010-0154:

https://rhn.redhat.com/errata/RHSA-2010-0154.html

Comment 5 errata-xmlrpc 2010-06-22 17:37:45 EDT

This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 3

Via RHSA-2010:0499 https://rhn.redhat.com/errata/RHSA-2010-0499.html

Note You need to log in before you can comment on or make changes to this bug.