Closed
Bug 307752
Opened 19 years ago
Closed 19 years ago
Thunderbird vulnerable to bug 307259
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
VERIFIED
INVALID
People
(Reporter: dveditz, Assigned: dveditz)
Details
This is a bug on the thunderbird version of bug 307259 so we can make sure we've
got all the right shipping flags, etc.
If someone finds a way to exploit this heap overrun this could be mailed around
to people with little defense, possibly starting a worm.
workaround: turn off idn. There's no about:config in Tbird 1.0x so this has to
be manually edited in the default preferences. edit the network.enableIDN pref
to false.
|
Assignee | |
Comment 1•19 years ago
|
||
This is invalid -- thunderbird already has IDN turned off. Not vulnerable.
Group: security
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID
|
||
Comment 2•19 years ago
|
||
verified - network.enableIDN pref is false by default in thunderbird
Status: RESOLVED → VERIFIED
|
||
Comment 3•19 years ago
|
||
Also, there is an about:config in recent Thunderbird.
|
|
Assignee | |
Comment 4•19 years ago
|
||
(In reply to comment #3)
> Also, there is an about:config in recent Thunderbird.
In unreleased almost-beta versions, yes. This bug was supposed to track whatever
we needed to do to protect users of the 1.0x released version. Which,
thankfully, turns out to be nothing.
You need to log in
before you can comment on or make changes to this bug.
Description
•