Closed
Bug 1430523
Opened 7 years ago
Closed 7 years ago
Persistent DOS/Client Crash via Crafted Email From Field
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1411720
People
(Reporter: tudorenache.me, Unassigned)
Details
Attachments
(1 file)
|
7.10 KB,
text/plain
|
Details |
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
Steps to reproduce:
I sent an email to a Thunderbird client containing the following from email address x@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@x
sendemail -f "Tudor x@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@x" - t x@example.com -u Test -m Test -s mailexample.com
Actual results:
The Thunderbird client crashed upon receiving the email on my Windows 10 machine.
I tested the same in Linux and the whole OS froze.
The crash occurs immediately as the email is automatically synced by Thunderbird. As such any subsequent restart will re-crash the client making it unusable.
The only way to use Thunderbird again and gain access to your mailbox is to delete your locally stored profile and access the mail account through another channel and delete the "evil" email to prevent it from being synced.
If exploited in mass this vulnerability can this vulnerability can perform permanent client DOS attacks on anyone using Thunderbird with a single email.
No action is required by the victim for the vulnerability to be exploited.
Expected results:
Should not have crashed. Found this by accident when testing postfix, didn't have time to analyze what's the root cause of the crash. (sorry :()
|
||
Updated•7 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
|
||
Updated•4 years ago
|
Group: mail-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•