Mozilla Foundation Security Advisory 2006-74

Mail header processing heap overflows

Announced

December 19, 2006

Reporter

Georgi Guninski, David Bienvenu

Impact

Critical

Products

SeaMonkey, Thunderbird

Fixed in

SeaMonkey 1.0.7
Thunderbird 1.5.0.9

Description

Georgi Guninski reported that long Content-Type headers in external message bodies could cause a heap buffer overflow when processing mail headers. While working on that code David Bienvenu discovered a similar overflow could occur when processing long rfc2047-encoded headers.

Either overflow could be exploited to execute arbitrary code.

Workaround

None, upgrade to a fixed version immediately.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=362213
https://bugzilla.mozilla.org/show_bug.cgi?id=362512
CVE-2006-6505

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice