Mozilla Browser/Thunderbird SendUIDL POP3 Message Handling Remote Heap Overflow Vulnerability
SCO has released an advisory SCOSA-2005.25 including updated packages to address this issue. Please see the referenced advisory for more information.
Avaya has released an advisory that acknowledges this vulnerability for Avaya products. Fixes are not currently available; customers are advised to contact the vendor for further details regarding fix availability. Please see the referenced Avaya advisory at the following location for further details:
Red Hat has released advisory RHSA-2004:421-17 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.
The vendor has released upgrades dealing with this issue.
Slackware has released an advisory (SSA:2004-223-01) to address this issue. Please see the referenced advisory for more information.
Mandrake Linux has released advisory MDKSA-2004:082 along with fixes addressing this issue. Please see the referenced advisory for further information.
SGI has made available Patch 10095, correcting this vulnerability for systems running SGI Advanced Linux Environment 3:
Patch 10095 is available from http://support.sgi.com/ and
The individual RPMs from Patch 10095 are available from:
Gentoo has released an advisory (GLSA 200409-26) to address various issues in Mozilla Browsers. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their systems.
emerge -pv your-version
For more information please see the referenced Gentoo Linux advisory.
HP has released an advisory (SSRT4826) dealing with this issue for their Tru64 UNIX platform. Please see the referenced advisory for more information.
SuSE Linux has released advisory SUSE-SA:2004:036 along with fixes dealing with this issue. Please see the referenced advisory for more information.
Conectiva has released an advisory (CLA-2004:877) to address various issues including this in Mozilla. This advisory contains updated Mozilla packages (1.7.3) for Conectiva Linux 9 and 10. Please see the referenced advisory for more information.
The Fedora Legacy project has released advisory FLSA-2004:2089 along with fixes to address multiple issues in RedHat Fedora Core 1, and RedHat Linux 7.3 and 9.0. Please see the referenced advisory for further information.
Mozilla Thunderbird 0.6
Mozilla Browser 0.9.9
Mozilla Browser 1.0 RC1
Mozilla Browser 1.0 RC2
Mozilla Browser 1.0
Mozilla Browser 1.0.1
Mozilla Browser 1.0.2
Mozilla Browser 1.1
Mozilla Browser 1.1 Alpha
Mozilla Browser 1.1 Beta
Mozilla Browser 1.2 Alpha
Mozilla Browser 1.2
Mozilla Browser 1.2 Beta
Mozilla Browser 1.2.1
Mozilla Browser 1.3
Mozilla Browser 1.3.1
Mozilla Browser 1.4 b
Mozilla Browser 1.4
Mozilla Browser 1.4 a
Mozilla Browser 1.4.1
Mozilla Browser 1.4.2
Mozilla Browser 1.5
Mozilla Browser 1.6