CERT-In Vulnerability Note CIVN-2010-92
Mozilla SSPI Authentication and Message Indexing Remote Code Execution Vulnerabilities

Original Issue Date: March 26, 2010

Severity Rating: High

System Affected

  • Mozilla SeaMonkey versions prior to 1.1.19
  • Mozilla Thunderbird versions prior to 2.0.0.24

Overview

Multiple vulnerabilities have been reported in Mozilla SeaMonkey and Thunderbird which can be exploited by remote attackers (including a malicious or compromised mail server) to cause a denial of service and/or execute arbitrary code on the affected systems.

Description

1. SSPI Authentication arbitrary code execution vulnerability (CVE-2010-0161)

This issue is caused by heap memory corruption in the nsAuthSSPI::Unwrap function of extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird and SeaMonkey on Windows Vista, Windows Server 2008 R2, and Windows 7. Successful exploitation could allow a remote SMTP, IMAP, or POP server to cause a denial of service (application crash) or execute arbitrary code on the client.

Only clients that are joined to an Active Directory domain under Windows Vista or Windows 7 and that use SSPI authentication to the mail server are affected. Clients on other platforms, or that authenticate with any other method, are not exposed to this issue.

2. Message Indexing arbitrary code execution vulnerability (CVE-2010-0163)

This issue is caused by a memory corruption error when indexing messages that carry certain MIME attachments. A remote attacker could exploit it by sending a specially crafted message to the victim, potentially causing a denial of service (application crash) or arbitrary code execution. Unlike the SSPI issue, this affects all supported platforms.

Solution

Upgrade to Mozilla SeaMonkey 1.1.19 or later and Mozilla Thunderbird 2.0.0.24 or later, available from:
http://www.seamonkey-project.org/releases/
http://www.mozillamessaging.com/en-US/thunderbird/all.html
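
The following script is an added example and is not part of the CERT-In note or of Mozilla's own code. It shows how an administrator can triage an inventory of Thunderbird and SeaMonkey installs against this note: anything older than the fixed versions above is flagged for CVE-2010-0163, and CVE-2010-0161 is added only when the conditions stated in the Description (Windows Vista / 7 / Server 2008 R2, domain-joined, SSPI authentication) hold. The inventory rows, hostnames, and the tuple layout are constructed assumptions for illustration; the fixed versions and the scoping rules come from the note itself.

```python
"""Added example (not CERT-In or Mozilla code): triage Mozilla Thunderbird /
SeaMonkey installs against CIVN-2010-92 (CVE-2010-0161, CVE-2010-0163).

Fixed versions and platform conditions are taken from the advisory text.
The inventory below is constructed sample data, not real hosts.
"""
import re

# Mozilla-style version: up to four dotted numbers, optional pre-release tag.
_VER_RE = re.compile(r"^(\d+(?:\.\d+){0,3})\s*(pre|a\d*|b\d*|rc\d*)?$")


def parse_version(text):
    """Turn '2.0.0.23' into a comparable tuple.

    Numeric parts are zero-padded to four fields so '2.0' sorts below
    '2.0.0.24'.  A trailing marker distinguishes a final release (1) from a
    pre-release of the same number (0), so '2.0.0.24pre' sorts below '2.0.0.24'.
    Raises ValueError on strings that are not Mozilla-style versions.
    """
    m = _VER_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised version string: %r" % text)
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (4 - len(nums))
    return tuple(nums) + ((0,) if m.group(2) else (1,))


# Fixed versions stated in the advisory; anything older is affected.
FIXED = {
    "thunderbird": parse_version("2.0.0.24"),
    "seamonkey": parse_version("1.1.19"),
}

# Platforms named for the SSPI issue (CVE-2010-0161), normalised as below.
SSPI_OS = {"vista", "7", "server2008r2"}


def _normalise_os(os_name):
    # 'Windows Server 2008 R2' -> 'server2008r2', 'Windows 7' -> '7'
    return os_name.lower().replace("windows", "").replace(" ", "")


def affected_cves(product, version, os_name="", domain_joined=False,
                  uses_sspi=False):
    """Return the set of CVEs from CIVN-2010-92 that apply to one install.

    product: 'Thunderbird' or 'SeaMonkey' (case-insensitive).
    os_name, domain_joined and uses_sspi only matter for CVE-2010-0161.
    """
    key = product.lower()
    if key not in FIXED:
        raise ValueError("product not covered by CIVN-2010-92: %r" % product)
    if parse_version(version) >= FIXED[key]:
        return set()
    # The MIME indexing bug applies on every platform.
    cves = {"CVE-2010-0163"}
    # The SSPI bug needs all three conditions from the advisory at once.
    if _normalise_os(os_name) in SSPI_OS and domain_joined and uses_sspi:
        cves.add("CVE-2010-0161")
    return cves


# Constructed sample inventory (hypothetical hosts):
# (hostname, product, version, OS, domain_joined, uses_sspi)
SAMPLE_INVENTORY = [
    ("mail-win7-01", "Thunderbird", "2.0.0.23", "Windows 7", True, True),
    ("mail-win7-02", "Thunderbird", "2.0.0.23", "Windows 7", True, False),
    ("mail-xp-03", "Thunderbird", "2.0.0.23", "Windows XP", True, True),
    ("dev-linux-04", "SeaMonkey", "1.1.18", "Linux", False, False),
    ("dev-linux-05", "SeaMonkey", "1.1.19", "Linux", False, False),
    ("mail-win7-06", "Thunderbird", "2.0.0.24pre", "Windows 7", True, True),
]


def triage(inventory):
    """Map hostname -> sorted list of applicable CVEs (empty = patched)."""
    return {host: sorted(affected_cves(prod, ver, os_name, dj, sspi))
            for host, prod, ver, os_name, dj, sspi in inventory}


if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        print("%-14s %s" % (host, ", ".join(cves) or "not affected"))
```

Feed triage() the real product, version and platform fields from your endpoint inventory; a host that reports an empty list is at or above the fixed release for its product. Note that a pre-release build numbered like the fix (2.0.0.24pre) is still treated as vulnerable, since the note only vouches for the final release.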

Vendor Information

Mozilla Foundation
http://www.mozilla.org/security/announce/2010/mfsa2010-07.html

References

Mozilla bugzilla
https://bugzilla.mozilla.org/show_bug.cgi?id=511806
https://bugzilla.mozilla.org/show_bug.cgi?id=505221

IBM X-Force
http://xforce.iss.net/xforce/xfdb/56993

Secunia
http://secunia.com/advisories/39001

VUPEN
http://www.vupen.com/english/advisories/2010/0648

SecurityFocus
http://www.securityfocus.com/bid/38831

Security Tracker
http://securitytracker.com/alerts/2010/Mar/1023730.html

CVE Name

CVE-2010-0161
CVE-2010-0163

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003