[2008-07-23] Thunderbird 220.127.116.11 url handling cpu+memory consumption DOS
Thunderbird 18.104.22.168 is prone to a remote denial of service attack because it fails to properly handle overly long URLs of the form www.[100000+ x 'a'].com. An example is <a href="http://www.a.a.a.a.a....[100000+].com/">test</a> embedded in an HTML file sent as an attachment. When the email is opened, Thunderbird tries to interpret the HTML page for inline display, consumes large amounts of CPU and memory (RAM), and stops responding, thus hanging. An attacker can send an email with such an HTML file attached, causing a remote denial of service against Thunderbird clients that open the email.
Tested on Thunderbird 22.214.171.124 under Windows XP. Other versions might be affected too.
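As an added defensive example, not part of this advisory and not Thunderbird code: a Python check that a mail gateway or attachment filter could run over an HTML body to flag links whose hostname is far beyond anything legitimate. The 253-octet limit comes from the DNS maximum name length in RFC 1035; the function name `suspicious_hosts`, the set of attributes inspected, and the constructed sample HTML in the block are my assumptions.

```python
"""Flag HTML attachments whose links carry abnormally long hostnames.

Added defensive example (not from the original advisory): parse an HTML
body, collect every href/src/action value, and report links whose
hostname exceeds a length threshold. A hostname longer than 253 octets
is already invalid per RFC 1035, so such a link has no legitimate use.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed threshold: the DNS maximum length of a full hostname.
MAX_HOST_LEN = 253

# Attributes that can carry a URL the client will resolve or render.
_URL_ATTRS = {"href", "src", "action"}


class _UrlCollector(HTMLParser):
    """Collect raw URL attribute values from start tags."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name.lower() in _URL_ATTRS and value:
                self.urls.append(value)


def suspicious_hosts(html, max_len=MAX_HOST_LEN):
    """Return [(host_length, truncated_url), ...] for every link whose
    hostname is longer than max_len. An empty list means nothing was flagged."""
    parser = _UrlCollector()
    parser.feed(html)
    parser.close()

    findings = []
    for url in parser.urls:
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:
            # Unparsable URL: use the raw value's length as the signal.
            host = url
        if len(host) > max_len:
            findings.append((len(host), url[:60] + "..."))
    return findings


if __name__ == "__main__":
    # Constructed sample: one benign link and one link whose host is
    # "www." followed by 5000 "a." labels and "com" (10007 characters).
    sample = (
        '<html><body>'
        '<a href="http://www.example.com/">ok</a>'
        '<a href="http://www.' + "a." * 5000 + 'com/">test</a>'
        '</body></html>'
    )
    for length, url in suspicious_hosts(sample):
        print(f"flagged hostname of {length} chars: {url}")
```

The check is deliberately cheap: it never resolves or fetches anything, so it can run inline on every inbound message, and a hit can be used to strip or quarantine the attachment before it reaches a client that would try to render it.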
POC/Exploit code [.html]
The following proof of concept HTML page has been provided: thunderbird.html