Mozilla Thunderbird < 1.5 Attachment Extension Spoofing

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.

Synopsis :

The remote version of Mozilla Thunderbird is affected by an attachment
spoofing vulnerability.

Description :

The remote host is using Mozilla Thunderbird, an email client.

The remote version of this software does not display attachments
correctly in emails. Using an overly-long filename and
specially crafted Content-Type headers, an attacker may be able to
leverage this issue to spoof the file extension and associated file
type icon and trick a user into executing an arbitrary program.

See also :

Solution :

Upgrade to Mozilla Thunderbird 1.5 or later.

Risk factor :

Medium / CVSS Base Score : 5.1
CVSS Temporal Score : 4.4
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 20735 ()

Bugtraq ID: 16271

CVE ID: CVE-2006-0236

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now