Posted by Brandon Perry on Jul 06

I have gone ahead and just pushed my fuzzing results to Github. These were found with American Fuzzy Lop.

https://github.com/brandonprry/ical-fuzz <https://github.com/brandonprry/ical-fuzz>

While Mozilla lists information leaks as viable for a bug bounty [1], unless it straight up crashes Thunderbird (which
heap over reads may or may not do depending on the surrounding memory), it doesn’t seem they will care much and will
mark your…