A security announcement from Mandriva:
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:021
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mozilla-thunderbird
Date : January 25, 2006
Affected: 2006.0
_______________________________________________________________________
Problem Description:
GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-complicit attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment.
The updated packages have been patched to correct this problem.
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:021
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mozilla-thunderbird
Date : January 25, 2006
Affected: 2006.0
_______________________________________________________________________
Problem Description:
GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-complicit attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment.
The updated packages have been patched to correct this problem.
