Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - November 3, 2004

by Marianna Schmudlach / November 3, 2004 1:21 AM PST

Mozilla / Thunderbird Valid Email Address Enumeration Weakness

CRITICAL:
Not critical

IMPACT:
Exposure of system information

WHERE:
From remote

SOFTWARE:
Mozilla 1.7.x
http://secunia.com/product/3691/
Mozilla Thunderbird 0.x
http://secunia.com/product/2637/

DESCRIPTION:
plonk has discovered a weakness in Mozilla and Thunderbird, which can
be exploited by malicious people to enumerate valid email addresses.

The weakness is caused due to an improper behaviour where references
to external stylesheets in HTML documents are followed. This can be
exploited to validate the existence of a mail address when a
malicious mail is opened.

The weakness has been confirmed in Mozilla 1.7.3 and Thunderbird 0.8.
Other versions may also be affected.

SOLUTION:
If this is considered a problem, then disable HTML support in
emails:
"View" --> "Message Body As" --> "Plain Text"

PROVIDED AND/OR DISCOVERED BY:
plonk


http://secunia.com/advisories/13086/
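
A defender-side check for the behaviour described in the post above, added here as an example and not part of the original post or the Secunia advisory: it lists the remote stylesheets that an HTML mail would make the client fetch when opened. The sample message, host name and token are constructed placeholders.

```python
import email
import re
from email import policy
from html.parser import HTMLParser

# Constructed sample message; address, host and token are placeholders.
SAMPLE = """\
From: sender@example.org
Content-Type: text/html; charset="utf-8"

<html><head>
<link rel="stylesheet" href="http://tracker.example.net/s.css?id=TOKEN123">
<style>@import url("http://tracker.example.net/t.css?id=TOKEN123");</style>
</head><body><p>Hi</p></body></html>
"""

REMOTE = re.compile(r"^(?:https?:)?//", re.I)  # absolute or protocol-relative URL
CSS_IMPORT = re.compile(r"@import\s+(?:url\(\s*)?[\"']?([^\"')\s;]+)", re.I)

class StylesheetRefs(HTMLParser):
    """Collect stylesheet URLs that an HTML renderer would try to load."""
    def __init__(self):
        super().__init__()
        self.urls, self.in_style = [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "link" and "stylesheet" in a.get("rel", "").lower().split():
            self.urls.append(a.get("href", "").strip())
        self.in_style = tag == "style"

    def handle_endtag(self, tag):
        self.in_style = False  # only </style> can end a <style> body

    def handle_data(self, data):
        if self.in_style:  # <style> bodies can pull sheets in via @import
            self.urls += CSS_IMPORT.findall(data)

def remote_stylesheets(raw_message):
    """Return remote stylesheet URLs referenced by the text/html parts."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser = StylesheetRefs()
            parser.feed(part.get_content())
            parser.close()
            found += [u for u in parser.urls if REMOTE.match(u)]
    return found
```

A non-empty result means that rendering the message as HTML would contact the listed hosts; viewing the body as plain text, as the post's SOLUTION section recommends, avoids the fetch.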

WinRAR "Repair Archive" Feature Vulnerability
by Donna Buenaventura / November 3, 2004 7:30 AM PST

Peter Winter-Smith of NGSSoftware has reported a vulnerability in WinRAR, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the "Repair Archive" feature.

Successful exploitation requires that a user is tricked into using the "Repair Archive" feature on a specially crafted archive file.

The vulnerability has been reported in versions 3.40 and prior.

Solution: Update to version 3.41.

http://secunia.com/advisories/13070/

F-Secure Anti-Virus for Exchange Nested Password Protected
by Donna Buenaventura / November 3, 2004 7:30 AM PST

Archives Bypass Issue

A vulnerability has been discovered in F-Secure Anti-Virus for MS Exchange, which may prevent detection of malware in certain archives.

The problem is that F-Secure Anti-Virus for MS Exchange fails to detect malware that is placed in a password protected archive, which is nested in another archive.

F-Secure Anti-Virus for MS Exchange versions 6.30 through 6.31 are vulnerable.

Solution: Apply hotfix

http://secunia.com/advisories/13067/
