Mozilla Foundation Security Advisory 2008-26

Buffer length checks in MIME processing

Announced

July 23, 2008

Reporter

Mozilla developers

Impact

Low

Products

SeaMonkey, Thunderbird

Fixed in

SeaMonkey 1.1.10
Thunderbird 2.0.0.16

Description

As a follow-up to vulnerability reported in MFSA 2008-12 Mozilla has checked similar constructs in the rest of the MIME handling code. Although no further buffer overflows were found we changed several function calls to use safer versions of the string routines that will be more robust in the face of future code changes.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=413874

Firefox for Desktop

Firefox for iOS

Firefox for Android

Firefox Focus

Firefox blog

Mozilla VPN

Mozilla Monitor

Firefox Relay

Pocket

MDN Plus

Fakespot

Thunderbird

About Mozilla

The Mozilla Manifesto

Get Involved

Innovation Projects

Blog

Mozilla Foundation

Mozilla.ai

Mozilla Ventures

Mozilla Advertising