Closed Bug 1510401 Opened 3 years ago Closed 3 years ago

thunderbird does not start after creating an event in the calendar finishing on a date in the far future

Categories

(Calendar :: General, defect)

defect
Not set
critical

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 680620

People

(Reporter: sergi.robles, Unassigned)

Details

(Keywords: hang, perf)

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36

Steps to reproduce:

Add an event in the calendar with a finishing date in the far future, like 20018


Actual results:

Thunderbird freezes, and then it will not start again


Expected results:

The event created normally
To solve the situation, the conflicting event can be removed manually from the calendar database, then Thunderbird can be launched again normally.
Hi Sergi. Better not to use the security flag unless your issue is a vulnerability
Group: mail-core-security
(In reply to Wayne Mery (:wsmwk) from comment #2)
> Hi Sergi. Better not to use the security flag unless your issue is a
> vulnerability

Yes, but receiving (and accepting) an ical invitation to an event of this type can cause the application to stop working. That is why I checked the security flag.
Sergi R: That is not a security issue by definition. Nothing you describe is insecure. :)
Component: Untriaged → General
Product: Thunderbird → Calendar
(In reply to Sergi Robles from comment #3)
> (In reply to Wayne Mery (:wsmwk) from comment #2)
> > Hi Sergi. Better not to use the security flag unless your issue is a
> > vulnerability
> 
> Yes, but receiving (and accepting) an ical invitation to an event of this
> type can cause the application to stop working. That is why I checked the
> security flag.

Why is the sender sending an invitation that has a date in 20018? They make a typo?
No. They send this tailored invitation on purpose, as an attack to the recipients. After receiving and accepting the invitation (probably just checking the event name, date and starting time, but not the ending time), Thunderbird freezes and cannot be started again, so completing a DoS attack. If the invitation is well designed, like Amazon Black Friday week, and sent massively, many people can be prevented from reading their mails and accessing their calendars. A colleague of mine was one week without Thunderbird and no access to any of his calendar events because of this bug, until he told me and I helped him to solve the problem.
Of course, a casual typo would do the same. In the case of my colleague, it was an error introducing the time (hour) of a new calendar event in the wrong text area (year, just after the 2018).
Sounds like Bug 680620 - Distant event end date hangs in calendar views
Severity: normal → critical
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Keywords: hang, perf
Resolution: --- → DUPLICATE
Duplicate of bug: 680620
You need to log in before you can comment on or make changes to this bug.