Closed
Bug 1510401
Opened 7 years ago
Closed 7 years ago
thunderbird does not start after creating an event in the calendar finishing on a date in the far future
Categories
(Calendar :: General, defect)
Calendar
General
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 680620
People
(Reporter: sergi.robles, Unassigned)
Details
(Keywords: hang, perf)
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
Steps to reproduce:
Add an event in the calendar with a finishing date in the far future, like 20018
Actual results:
Thunderbird freezes, and then it will not start again
Expected results:
The event created normally
|
Reporter | |
Comment 1•7 years ago
|
||
To solve the situation, the conflicting event can be removed manually from the calendar database, then Thunderbird can be launched again normally.
|
||
Comment 2•7 years ago
|
||
Hi Sergi. Better not to use the security flag unless your issue is a vulnerability
Group: mail-core-security
|
|
Reporter | |
Comment 3•7 years ago
|
||
(In reply to Wayne Mery (:wsmwk) from comment #2)
> Hi Sergi. Better not to use the security flag unless your issue is a
> vulnerability
Yes, but receiving (and accepting) an ical invitation to an event of this type can cause the application to stop working. That is why I checked the security flag.
|
||
Comment 4•7 years ago
|
||
Sergi R: That is not a security issue by definition. Nothing you describe is insecure. :)
|
||
Updated•7 years ago
|
Component: Untriaged → General
Product: Thunderbird → Calendar
|
||
Comment 5•7 years ago
|
||
(In reply to Sergi Robles from comment #3)
> (In reply to Wayne Mery (:wsmwk) from comment #2)
> > Hi Sergi. Better not to use the security flag unless your issue is a
> > vulnerability
>
> Yes, but receiving (and accepting) an ical invitation to an event of this
> type can cause the application to stop working. That is why I checked the
> security flag.
Why is the sender sending an invitation that has a date in 20018? They make a typo?
|
|
Reporter | |
Comment 6•7 years ago
|
||
No. They send this tailored invitation on purpose, as an attack to the recipients. After receiving and accepting the invitation (probably just checking the event name, date and starting time, but not the ending time), Thunderbird freezes and cannot be started again, so completing a DoS attack. If the invitation is well designed, like Amazon Black Friday week, and sent massively, many people can be prevented from reading their mails and accessing their calendars. A colleague of mine was one week without Thunderbird and no access to any of his calendar events because of this bug, until he told me and I helped him to solve the problem.
|
|
Reporter | |
Comment 7•7 years ago
|
||
Of course, a casual typo would do the same. In the case of my colleague, it was an error introducing the time (hour) of a new calendar event in the wrong text area (year, just after the 2018).
|
|
||
Comment 8•7 years ago
|
||
Sounds like Bug 680620 - Distant event end date hangs in calendar views
You need to log in
before you can comment on or make changes to this bug.
Description
•