Security Advisories for Thunderbird 1.0

Thunderbird 1.0 is unsupported. Please upgrade to the latest version.

Impact key

• Critical Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
• High Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
• Moderate Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
• Low Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have "High" impact because those are generally used to steal sensitive data intended for other sites.)

# Fixed in Thunderbird 1.0.8

• 2006-27 Table Rebuilding Code Execution Vulnerability
• 2006-26 Mail Multiple Information Disclosure
• 2006-25 Privilege escalation through Print Preview
• 2006-24 Privilege escalation using crypto.generateCRMFRequest
• 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
• 2006-21 JavaScript execution in mail when forwarding in-line
• 2006-19 Cross-site scripting using .valueOf.call()
• 2006-18 Mozilla Firefox Tag Order Vulnerability
• 2006-17 cross-site scripting through window.controllers
• 2006-16 Accessing XBL compilation scope via valueOf.call()
• 2006-15 Privilege escalation using a JavaScript function's cloned parent
• 2006-14 Privilege escalation via XBL.method.eval
• 2006-11 Crashes with evidence of memory corruption (rv:1.8)
• 2006-10 JavaScript garbage-collection hazard audit
• 2006-09 Cross-site JavaScript injection using event handlers
• 2006-05 Localstore.rdf XML injection through XULDocument.persist()
• 2006-01 JavaScript garbage-collection hazards

# Fixed in Thunderbird 1.0.7

• 2005-59 Command-line handling on Linux allows shell execution

# Fixed in Thunderbird 1.0.5

• 2005-46 XBL scripts ran even when Javascript disabled

# Fixed in Thunderbird 1.0.2

• 2005-30 GIF heap overflow parsing Netscape extension 2
• 2005-25 Image drag and drop executable spoofing
• 2005-21 Overwrite arbitrary files downloading .lnk twice
• 2005-18 Memory overwrite in string library
• 2005-17 Install source spoofing with user:pass@host
• 2005-15 Heap overflow possible in UTF8 to Unicode conversion

# Fixed in Thunderbird 1

• 2005-11 Mail responds to cookie requests