SECUNIA ADVISORY ID: SA32007

VERIFY ADVISORY: http://secunia.com/advisories/32007/

CRITICAL: Highly critical

IMPACT: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access

SOFTWARE: Mozilla Thunderbird 2.x - http://secunia.com/advisories/product/14070/

DESCRIPTION: Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, to disclose sensitive information, or to potentially compromise a user's system. For more information: SA31984. The vulnerabilities are reported in versions prior to 2.0.0.17. The vendor recommends disabling JavaScript until an update is available.

SOLUTION: Update to version 2.0.0.17 when it becomes available.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/2008/mfsa2008-38.html
http://www.mozilla.org/security/announce/2008/mfsa2008-41.html
http://www.mozilla.org/security/announce/2008/mfsa2008-42.html
http://www.mozilla.org/security/announce/2008/mfsa2008-43.html
http://www.mozilla.org/security/announce/2008/mfsa2008-44.html

OTHER REFERENCES: SA31984: http://secunia.com/advisories/31984/