| New User, Welcome! Login |
email clients
Hello Bugtraq!
I want to warn you about security vulnerabilities in email clients,
particularly in Outlook Express and Outlook. This advisory is concerned with
my series of advisories about vulnerabilities in browsers, which belong to
group of DoS via protocol handlers.
All those who doubt that these DoS vulnerabilities in browsers and email
clients are security vulnerabilities, must read my first advisory on this
topic (http://www.securityfocus.com/archive/1/511327/30/0/threaded). Where I
:Fixed in: --
Description
-----------
We could not find out the definitive description for eOffice in English. This is our own understanding of the application: eOffice is an IMAP email client.
We have discovered a remote code execution vulnerability in eOffice. The attacker could force an unknowning user to execute arbitrary code.
To exploit this bug, an attacker only needs to send a specially-crafted email to his target's address. When the victim clicks on the email, malicious code will run immediately. From there, the attacker might take full control of the machine, or simply cause a Denial of Service.
and business collaboration application developed by IBM to work as a
desktop client in conjunction with IBM’s Lotus Domino server application.
The email functionality of Lotus Notes supports previewing and processing
file attachments in various formats. To preview and process files in the
Lotus Worksheet File format (WKS) used by Lotus 1-2-3 the email client
uses a library from a third-party software vendor (Autonomy’s Verity
KeyView SDK). Several buffer overflow vulnerabilities were found in the
third-party library used by Lotus Notes to process Lotus 1-2-3 file
attachments.
Background
==========
Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
an open-source email client, both from the Mozilla Project. The
SeaMonkey project is a community effort to deliver production-quality
releases of code derived from the application formerly known as the
'Mozilla Application Suite'. XULRunner is a Mozilla runtime package
that can be used to bootstrap XUL+XPCOM applications like Firefox and
Thunderbird.
------------------------------------------------------
Description
Evolution is an email client that is built with ubuntu.
------------------------------------------------------
Vulnerability
execution of arbitrary code.
Background
==========
Balsa is a highly configurable email client for GNOME.
Affected packages
=================
-------------------------------------------------------------------
On 9/26/2009 5:54 AM, Pavel Machek wrote:
> Well... mujmail.org email client also does not validate ssl
> cerificates -- optionaly. Reasoning is that SSL with unverified
> certificate is still better than sending plaintext passwords.
>
> Does that count as a vulnerability?
Yes; it's not that difficult for someone on the same network segment to
proxy all your traffic, and if you don't check your certificate then you
might as well have sent it plaintext.
> security risk, as they said), found by Henry Sudhof - Mozilla Foundation
> Security Advisory 2010-23
> (http://www.mozilla.org/security/announce/2010/mfsa2010-23.html)
> (Image src
> redirect to mailto: URL opens email editor). Which allow to open email
> client at user's computer via redirector, which redirecting to mailto:
> URL.
> But this vulnerability was fixed only in Firefox 3.5.9, Firefox 3.6.2 and
> SeaMonkey 2.0.4, but not in Firefox 3.0.x.
>
> After I recently read this advisory, I decided to check different
vulnerability and interesting research itself. I have found DoS
vulnerabilities in multiple browsers many time, but I never tested in such
many browsers and systems. So you made a large research (with help of those
people who helped you with testing in different systems) - this DoS hole
exists (or existed) in so many systems: different desktop browsers, email
clients, browsers for mobile devices, game devices and possible other
devices with support of JavaScript.
Maybe some of DoS hole found by me can also work on multiple platforms, but
I didn't tested in such large scale of devices (just in different browsers
at my PC).
At 30.02.2010 Mozilla fixed vulnerability (small one, which poses no
security risk, as they said), found by Henry Sudhof - Mozilla Foundation
Security Advisory 2010-23
(http://www.mozilla.org/security/announce/2010/mfsa2010-23.html) (Image src
redirect to mailto: URL opens email editor). Which allow to open email
client at user's computer via redirector, which redirecting to mailto: URL.
But this vulnerability was fixed only in Firefox 3.5.9, Firefox 3.6.2 and
SeaMonkey 2.0.4, but not in Firefox 3.0.x.
After I recently read this advisory, I decided to check different browsers.
And as I checked at 16.05.2010, to this vulnerability are vulnerable web
>> security risk, as they said), found by Henry Sudhof - Mozilla Foundation
>> Security Advisory 2010-23
>> (http://www.mozilla.org/security/announce/2010/mfsa2010-23.html) (Image
>> src
>> redirect to mailto: URL opens email editor). Which allow to open email
>> client at user's computer via redirector, which redirecting to mailto:
>> URL.
>> But this vulnerability was fixed only in Firefox 3.5.9, Firefox 3.6.2 and
>> SeaMonkey 2.0.4, but not in Firefox 3.0.x.
>>
>> After I recently read this advisory, I decided to check different
AOL Instant Messenger ("AIM", http://www.aim.com) is an instant messaging
application that allows its users to communicate in real time via text,
voice, and video over the Internet. It is maintained by AOL LLC. AIM Pro
is AOL's business-oriented version of AIM targeted for professional use
with an emphasis on "business-grade" security and integration with email
client and other productivity applications
(http://aimpro.premiumservices.aol.com/) AIM Lite, as defined in its
website (http://x.aim.com/laim/), is a reference application used to test
new technology also developed by AOL and available for the public in the
form of a "light IM client".
AOL Instant Messenger ("AIM", http://www.aim.com) is an instant messaging
application that allows its users to communicate in real time via text,
voice, and video over the Internet. It is maintained by AOL LLC. AIM Pro
is AOL's business-oriented version of AIM targeted for professional use
with an emphasis on "business-grade" security and integration with email
client and other productivity applications
(http://aimpro.premiumservices.aol.com/) AIM Lite, as defined in its
website (http://x.aim.com/laim/), is a reference application used to test
new technology also developed by AOL and available for the public in the
form of a "light IM client".
http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit3.html
Soon I'll also show exploit (for firefoxurl protocol) without using of JS
which crashes IE6, when I'll release special advisory about DoS attacks on
email clients.
This exploit for firefoxurl protocol works in Mozilla Firefox 3.0.19 (and
besides previous versions, it must work in 3.5.x and 3.6.x), Internet
Explorer 6 (6.0.2900.2180), Internet Explorer 8 (8.0.7600.16385), Google
Chrome 1.0.154.48 and Opera 9.52.
> iPod/iPhone standard e-mail application does not validate SSL certificates
> and is vulnerable to a MITM (man in the middle attack).
>
> Vulnerable: All versions.
Well... mujmail.org email client also does not validate ssl
cerificates -- optionaly. Reasoning is that SSL with unverified
certificate is still better than sending plaintext passwords.
Does that count as a vulnerability?
Pavel
symlink attack.
Background
==========
Claws Mail is a GTK based e-mail client.
Affected packages
=================
-------------------------------------------------------------------
Background
==========
Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
an open-source email client, both from the Mozilla Project. The
SeaMonkey project is a community effort to deliver production-quality
releases of code derived from the application formerly known as the
'Mozilla Application Suite'. XULRunner is a Mozilla runtime package
that can be used to bootstrap XUL+XPCOM applications like Firefox and
Thunderbird.
>>> Foundation
>>> Security Advisory 2010-23
>>> (http://www.mozilla.org/security/announce/2010/mfsa2010-23.html) (Image
>>> src
>>> redirect to mailto: URL opens email editor). Which allow to open email
>>> client at user's computer via redirector, which redirecting to mailto:
>>> URL.
>>> But this vulnerability was fixed only in Firefox 3.5.9, Firefox
>>> 3.6.2 and
>>> SeaMonkey 2.0.4, but not in Firefox 3.0.x.
>>>
Impact
======
A remote attacker could entice a user to open a specially crafted link
with a vulnerable application using Xdg-Utils (e.g. an email client),
resulting in the execution of arbitrary code with the privileges of the
user running the application.
Workaround
==========
which may allow user-assisted arbitrary remote code execution.
Background
==========
Mozilla Thunderbird is a popular open-source email client from the
Mozilla project.
Affected packages
=================
I want to warn you about Denial of Service vulnerabilities in Firefox,
Internet Explorer, Chrome and Opera. Which belong to type of DoS via
protocol handlers. Earlier I already wrote about DoS vulnerabilities in
Firefox, Internet Explorer, Chrome and Opera and DoS attacks on email
clients via protocol handlers. This new advisory will show you the situation
of browsers behavior with other protocol handlers.
All those who doubt that these DoS vulnerabilities in browsers and email
clients are security vulnerabilities, must read my first advisory on this
topic (http://www.securityfocus.com/archive/1/511327/30/0/threaded). Where I
Background
==========
Mozilla Firefox is an open-source web browser from the Mozilla Project,
and Mozilla Thunderbird an email client. The SeaMonkey project is a
community effort to deliver production-quality releases of code derived
from the application formerly known as the 'Mozilla Application Suite'.
XULRunner is a Mozilla runtime package that can be used to bootstrap
XUL+XPCOM applications like Firefox and Thunderbird.
After a standard system upgrade you need to restart Thunderbird to effect
the necessary changes.
Details follow:
USN-469-1 fixed vulnerabilities in the Mozilla Thunderbird email client.
The updated Thunderbird version broken compatibility with the Enigmail
plugin. This update corrects the problem. We apologize for the
inconvenience.
|
|
|
