Mozilla

mozilla

Mozilla Foundation Security Advisory 2008-26

Buffer length checks in MIME processing

Announced
July 23, 2008
Reporter
Mozilla developers
Impact
Low
Products
SeaMonkey, Thunderbird
Fixed in
  • SeaMonkey 1.1.10
  • Thunderbird 2.0.0.16

Description

As a follow-up to vulnerability reported in MFSA 2008-12 Mozilla has checked similar constructs in the rest of the MIME handling code. Although no further buffer overflows were found we changed several function calls to use safer versions of the string routines that will be more robust in the face of future code changes.

References