attachment spoofing in Mozilla Thunderbird SecuriTeam has reported a vulnerability that lies in the way that the mail reader Mozilla Thunderbird displays attachments, which allows an attacker to spoof them. The security flaw in Mozilla Thunderbird occurs because attached files are displayed incorrectly in messages. This flaw can be used to spoof the extension and icon associated to the file using a combination of over long names with blank spaces and Content-Type headers that do not correspond to the file extension. An attacker who successfully exploited this vulnerability could save malicious files to the desktop. Users of Mozilla Thunderbird are recommended to update by installing version 1.5, which is not affected by this security problem.