Mozilla Foundation Security Advisory 2006-40
Double-free on malformed VCard
- Announced
- June 1, 2006
- Reporter
- Masatoshi Kimura
- Impact
- Critical
- Products
- SeaMonkey, Thunderbird
- Fixed in
- 
        - SeaMonkey 1.0.2
- Thunderbird 1.5.0.4
 
Description
Masatoshi Kimura reported a hang caused by a double-free in Thunderbird when processing a large VCard with invalid base64 characters in it. Since an attacker can supply an arbitrary amount of well-formed VCard data before introducing the error we presume this could be exploited to run code of the attacker's choosing.
Workaround
From the View menu de-select "Display Attachments Inline", and do not open
any VCard attachments (.vcf extension) until you upgrade to a fixed version.