It seems the IMAP client crash I accidentally discovered in Thunderbird/Icedove was already known.
My report is a duplicate of a bug which was previously reported in 2007. Oops.
ObFilm: The Lost Boys
-
Archive
Tag List
- 3g (1)
- accesslogs (1)
- acl (1)
- acon (1)
- advertising (1)
- advisories (1)
- alioth (1)
- amd64 (1)
- anti-spam (7)
- anti-virus (5)
- apache (4)
- apache2 (3)
- apt (1)
- apt caching (1)
- apt-caching (1)
- apt-get (2)
- arch (1)
- asql (4)
- asus (2)
- attackers (1)
- auditing (1)
- authors:brust (1)
- authors:pratchett (1)
- automation (2)
- backports (2)
- backups (1)
- bash-completion (2)
- birthday (3)
- birthday.my.flat (2)
- blacklist (2)
- blog (3)
- blogging (1)
- blogs (2)
- blogspam (6)
- bluetooth (1)
- boo-boo (2)
- bookmarks (1)
- books (4)
- bootstrap (2)
- bored now (1)
- bounces (1)
- bouncy bouncy (2)
- brad (1)
- bsign (1)
- bts (1)
- bug-reports (1)
- bugs (5)
- buildd (2)
- busybox (1)
- bytemark (3)
- caching (1)
- cameras (1)
- centos (1)
- cfengine (6)
- cgi::application (2)
- chef (1)
- chiron (1)
- christmas (2)
- chronicle (24)
- cinema-buddies (1)
- clisp (1)
- cloud (1)
- clubs (1)
- clustering (1)
- codecs (1)
- coding (1)
- comments (3)
- common-lisp (1)
- computers (2)
- computers:gold (2)
- computers:mine (2)
- computers:vain (2)
- control-panels (1)
- crm114 (1)
- css (1)
- ctrl-alt-date (1)
- cv (2)
- cvs (5)
- cvsrepository (5)
- d'oh (1)
- data (1)
- debconf7 (5)
- debian (27)
- debian packages (1)
- debian security team (2)
- debian-administration (8)
- debianadmin (1)
- debootstrap (2)
- decide (2)
- desktop (1)
- development (1)
- discontinuation (1)
- distributed (1)
- diy (3)
- dmonitor (3)
- dns (1)
- dnsmasq (1)
- doh (1)
- doing-stuff (1)
- domains (1)
- done (1)
- dotfile-manager (2)
- dotfiles (3)
- dpl (2)
- drupal (1)
- dsa (3)
- ecartis (1)
- edinburgh (4)
- eee pc (3)
- emacs (3)
- embedded (1)
- engagement (1)
- engines (1)
- entrys that should be articles (1)
- etch (3)
- events (1)
- evil (1)
- exaile (3)
- exim4 (3)
- experiments (1)
- false alarm (1)
- fantasy (1)
- filesystems (3)
- films (3)
- firewalls (1)
- flat (5)
- fonts (1)
- food (1)
- fork (1)
- forums (2)
- free-time (1)
- ftp (1)
- fuckups (1)
- fuse (2)
- gaim (1)
- game (2)
- garlic (1)
- gdm (1)
- gentoo (1)
- git (2)
- glasgow (1)
- gmail (3)
- gnomad2 (1)
- gnome (2)
- gnu screen (6)
- gnump3d (1)
- gnupod (1)
- gpg (1)
- hacks (6)
- hardening (1)
- health (2)
- history (1)
- holiday (1)
- homework (1)
- hosting (1)
- html (1)
- html-tool (2)
- http (1)
- hypermail (1)
- i386 (1)
- icedove (1)
- ideas (2)
- ikiwiki (1)
- image galleries (1)
- images (4)
- imap (5)
- init (1)
- ipod (2)
- ipv6 (1)
- irony (2)
- irritations (2)
- javascript (4)
- joejobs (1)
- jquery (7)
- json (1)
- kernel-viewer (1)
- kernels (4)
- kettle (1)
- keysigning (1)
- killfile (1)
- kite (1)
- kvm (8)
- kvm-hosting (1)
- lars (1)
- lazyweb (15)
- ldap (1)
- leith (1)
- lenny (10)
- less (1)
- letters (2)
- life (1)
- lighting (1)
- lighttpd (1)
- links (3)
- linux kernel (1)
- lisp (2)
- lists (1)
- livejournal (2)
- local-people (2)
- logfiles (1)
- logging (1)
- logs (1)
- lvm (1)
- lvs (1)
- lwn (1)
- machines:steve (1)
- madduck (1)
- mail-scanning (14)
- maildir (2)
- mailman (1)
- make (2)
- make-kpkg (1)
- mamod (2)
- marshall (1)
- md5sum (1)
- mdadm (1)
- megan (10)
- memcached (2)
- memcachedb (1)
- meme (1)
- mephisto (2)
- mercurial (5)
- meta (10)
- meta-packages (1)
- metacity (1)
- mice.my.flat (1)
- migration (3)
- migrations (1)
- mini-stack (1)
- mirror (1)
- misc (1)
- mod_perl (2)
- modems (1)
- morbid (1)
- mousetrap (1)
- mozilla (1)
- mp3 (1)
- ms-dos (1)
- music (1)
- mutt (9)
- mutt-ng (2)
- mutt-patched (1)
- muttng (2)
- muttrc (1)
- mybin (1)
- mysql (4)
- namecheck (2)
- neat (1)
- network-manager (1)
- new-maintainer (1)
- new-queue (1)
- nginx (2)
- nintendo ds (2)
- nntp (1)
- nokia (1)
- nokia 770 (1)
- nokia 810 (1)
- nostalgia (2)
- not-job-hunting-mr.boss (2)
- novatech (1)
- nvidia (1)
- o2 (1)
- obrandom (1)
- ogg (1)
- online (1)
- oom (1)
- opengear (1)
- openid (3)
- openldap (1)
- openssl (1)
- opera (1)
- otrs2 (1)
- outages (1)
- paging (2)
- palm pre (2)
- pam (1)
- patches (3)
- pc (1)
- performance (1)
- perl (12)
- permissions (1)
- personal (2)
- photography (1)
- photos (1)
- php-syslog-ng (1)
- pics (1)
- pictures (1)
- pies (1)
- pirates (1)
- planet-debian (7)
- planet-planet (2)
- planet-search (4)
- playlists (1)
- politics (1)
- pop3 (1)
- portage (1)
- postcards (1)
- pre-disclosure (1)
- prices (1)
- privoxy (2)
- procmail (4)
- projects (4)
- prototype (1)
- proxies (1)
- public bugfixing (5)
- puppet (3)
- pure-ftpd (1)
- pushing my luck (1)
- pxe (1)
- qpsmtpd (5)
- questions (2)
- quilt (1)
- raid (1)
- rails (3)
- random (38)
- random hacks (3)
- randomness (4)
- rants (7)
- rapt (2)
- rats (2)
- rats.my.flat (1)
- rebuildd (1)
- recovery (1)
- red dwarf (1)
- redis (1)
- reinstallation (1)
- reinventing the wheel (1)
- release (1)
- reprepro (2)
- request tracker (3)
- resume (2)
- rfc (1)
- rhetorical (1)
- rinse (3)
- roundup (3)
- rpm (2)
- rss (1)
- rsync (1)
- ruby (2)
- ruby on rails (1)
- satisfaction (1)
- sauna (1)
- screen (7)
- scriptalicious (1)
- sdl (2)
- searching (2)
- security (11)
- security advisories (1)
- security audit (1)
- security holes (1)
- security team (1)
- selinux (2)
- selling (1)
- seo (1)
- setuid (1)
- sexism (1)
- shellcode (2)
- shock horror (1)
- shopping (1)
- shuffling (1)
- sid (2)
- sidebar (1)
- sift (5)
- six (1)
- skxlist (1)
- skxmail (2)
- skxstats (1)
- slaughter (2)
- smtp (1)
- softawre that should exist (1)
- software (2)
- software which should exist (3)
- soul-stealing (1)
- source (1)
- source-searching (1)
- sourcescan (3)
- space invaders (1)
- spam (7)
- spamgourmet (1)
- sql (1)
- sqlite (1)
- ssh (1)
- ssl (2)
- ssss (1)
- stats (1)
- stealing (1)
- steam (6)
- stenogrpahy (1)
- stress (1)
- support (1)
- sword of truth (1)
- sysadmin (1)
- syslog (2)
- tags (3)
- tef (1)
- television (1)
- templating (1)
- terry goodkind (1)
- tgrep (1)
- thttpd (2)
- thunderbird (1)
- tigger (1)
- tips (1)
- tk (1)
- todo (11)
- tools (5)
- tor (1)
- travel (3)
- trust (1)
- tscreen (6)
- tv (2)
- typo (2)
- ubuntu (2)
- udev (1)
- unix (1)
- usb (2)
- usb booting (1)
- useful (1)
- user-greatness (1)
- utf (1)
- utf-8 (1)
- utf8 (1)
- utilities (5)
- vain.my.flat (1)
- valentines (1)
- videos (1)
- vienna (2)
- virtual hosting (1)
- vnc (1)
- voting (1)
- webml (1)
- websites (1)
- webstats (2)
- wedding (1)
- weddings (1)
- wget (1)
- whisky (1)
- wiki (1)
- wikipedia (1)
- wishlist (1)
- wml (1)
- woe is me (1)
- wordpress (4)
- work (3)
- x.org (1)
- xdmcp (2)
- xen (9)
- xen-hosting (7)
- xen-shell (9)
- xen-tools (14)
- xine (1)
- xkcd (1)
- xml (2)
- xml-rpc (3)
- xmms (1)
- xmms2 (1)
- xorg (1)
- xss (2)
- youtube (1)
- yum (1)
- z80 (1)
RSS Feed
It really is impressive that it's 2 years old and not fixed, though. Still a good find. Maybe that'll convince someone to take care of it.
I've always disagreed with the Mozilla policy that an "instant crash" is a low security issue - After all If my mail/web client exits unexpectedly I'm annoyed regardless of the cause.
It does look like this one is going to be fixed for the next release, but a two year old bug is a surprise.
I guess anything that requires a bogus/broken/buggy IMAP server to trigger is going to be low priority - although DNS spoofing, or other redirection, could make it exploitable its not a realistic attack.