Code Execution Flaw Haunts Mozilla Thunderbird
By Ryan Naraine
2008-02-27
The open-source mail client is updated to fix at least six security holes that could expose users to a wide range of malicious attacks.
A new version of the open-source Mozilla Thunderbird mail client has been released to fix at least six security vulnerabilities that could expose users to PC takeover attacks.
The most serious of the six vulnerabilities, a "critical" heap buffer overflow in external MIME bodies, could allow an attacker to execute arbitrary code with the privileges of the current user.
"When calculating the number of bytes to allocate for a heap buffer, sufficient space is not reserved for all of the data being copied into the buffer. This results in up to three bytes of the buffer being overflowed, potentially allowing for the execution of arbitrary code," according to an alert from iDefense, the company that reported the flaw to Mozilla.
Exploitation requires that an attacker social engineer a user into viewing a malicious message in Thunderbird. If the "View->Message Pane" option is turned on (in the "Preview" pane), which is the default, then all a targeted user has to do is select the message in the browsing pane.
Once the message is previewed, the vulnerability will be triggered, iDefense warned.
The flaw affects both Linux and Windows users.
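To make the advisory's allocation-size mistake concrete, here is an added C illustration of the bug class; it is not Thunderbird's code, the "a; b" parameter layout and the function names are hypothetical, and the inputs are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not Thunderbird's code): join two MIME parameters
 * parsed from an external-body part into one heap string "a; b". */

#define SEPARATOR "; "                               /* two bytes between parameters */
#define FIXED_OVERHEAD (sizeof(SEPARATOR) - 1 + 1)   /* separator + NUL terminator = 3 */

/* The flawed size calculation: it counts only the variable data and forgets
 * the separator and terminator, so a later copy would write 3 bytes past the
 * end of the heap block, the pattern the advisory describes. */
size_t bytes_reserved_flawed(const char *a, const char *b)
{
    return strlen(a) + strlen(b);
}

/* Correct size: variable data plus every fixed byte the copy will write. */
size_t bytes_needed(const char *a, const char *b)
{
    return strlen(a) + strlen(b) + FIXED_OVERHEAD;
}

/* How far the flawed reservation falls short; a unit test on this helper
 * is a cheap regression check for this class of bug. */
size_t heap_shortfall(const char *a, const char *b)
{
    return bytes_needed(a, b) - bytes_reserved_flawed(a, b);
}

/* Hardened join: allocate the computed size and let snprintf bound the write.
 * The caller frees the result; NULL on allocation failure or truncation. */
char *join_params(const char *a, const char *b)
{
    size_t need = bytes_needed(a, b);
    char *buf = malloc(need);
    if (buf == NULL)
        return NULL;
    int written = snprintf(buf, need, "%s" SEPARATOR "%s", a, b);
    if (written < 0 || (size_t)written >= need) {   /* truncation means the size math is wrong */
        free(buf);
        return NULL;
    }
    return buf;
}

int main(void)
{
    const char *name = "report.pdf", *site = "files.example";   /* constructed samples */
    printf("needed %zu, flawed reservation %zu, shortfall %zu bytes\n",
           bytes_needed(name, site), bytes_reserved_flawed(name, site), heap_shortfall(name, site));
    char *joined = join_params(name, site);
    if (joined) { puts(joined); free(joined); }
    return 0;
}
```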
Mozilla also documented a total of five additional issues that could lead to information disclosure, directory traversal, privilege escalation, cross-site scripting and remote code execution attacks.
The Thunderbird update also fixes several mail client crashes with evidence of memory corruption.
The latest Thunderbird update comes on the heels of the launch of Mozilla Messaging, the new mail-focused subsidiary of the non-profit Mozilla Foundation.
The primary focus of the Mozilla Messaging start-up is the development of Thunderbird 3, which promises integrated calendaring, better search and enhancements to the overall user experience.