Below is a SecurityFocus Bugtraq post:
AFFECTED VERSIONS
- Mozilla Thunderbird 1.0.7 (20050923)
- Mozilla Thunderbird 1.5 Beta 2 (20051006)
- possibly other programs using the Mozilla mail component
DESCRIPTION
The SMTP negotiation in Mozilla Thunderbird is implemented in a way that if a secure data exchange (CRAM-MD5 or STARTTLS) between client and server can not be established, an insecure method is used instead. The user is not notified of this and can not cancel this insecure data exchange. An intermediate attacker can utilize this behaviour to gain sensitive account/password information. As CRAM-MD5 and TLS were designed to avoid eavesdropping attacks, currently the implementation of Mozilla's SMTP client fails to meet these design goals.
More info http://www.securityfocus.com/archive/1/414556/30/0/threaded
Internet Explorer Java Applet Denial of Service Vulnerability
Microsoft Internet Explorer is affected by a denial of service vulnerability. This issue arises because the application fails to handle exceptional conditions in a proper manner. This issue only presents itself when the J2SE Java runtime environment is installed.
An attacker may exploit this issue by enticing a user to visit a malicious site resulting in a denial of service condition in the application.
Microsoft Internet Explorer 6 SP2 is affected by this issu
Tom Ferris is credited with the discovery of this issue
http://www.securityfocus.com/bid/15208/info
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic