Mozilla

Mozilla

Mozilla Foundation Security Advisory 2008-46

Heap overflow when canceling newsgroup message

Announced
September 25, 2008
Reporter
Georgi Guninski
Impact
Critical
Products
SeaMonkey, Thunderbird
Fixed in
  • SeaMonkey 1.1.12
  • Thunderbird 2.0.0.17

Description

Georgi Guninski reported a buffer overflow in the handling of cancelled newsgroup messages. The error was caused by too small a heap buffer being allocated to store message header information. This buffer could be overrun by an attacker using a specially crafted message which could crash the mail reader and potentially be used to run arbitrary code on the victim's computer.

References