Mozilla Foundation Security Advisory 2008-46

Heap overflow when canceling newsgroup message

Announced: September 25, 2008
Reporter: Georgi Guninski
Impact: Critical
Products: SeaMonkey, Thunderbird
Fixed in:
  • SeaMonkey 1.1.12
  • Thunderbird 2.0.0.17

Description

Georgi Guninski reported a buffer overflow in the handling of cancelled newsgroup messages. The error was caused by too small a heap buffer being allocated to store message header information. An attacker could overrun this buffer with a specially crafted message, which could crash the mail reader and potentially be used to run arbitrary code on the victim's computer.
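
The class of bug described above, shown from the fix side as an added example (not Mozilla's code and not part of the original advisory): the headers of a cancel control message are measured first and the heap buffer is sized from that measurement, instead of using a fixed allocation. The header layout, the 256-byte FIXED_HDR_BUF, the 64 KiB cap and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIXED_HDR_BUF 256            /* hypothetical fixed allocation, for contrast */
#define MAX_HDR_BYTES (64u * 1024u)  /* assumed policy cap on total header size */
#define HDR_FMT "From: %s\r\nNewsgroups: %s\r\nSubject: cmsg cancel %s\r\nControl: cancel %s\r\n"

/* Bytes needed for the headers including the NUL; 0 on error or over the cap.
   snprintf(NULL, 0, ...) measures the output without writing anything. */
size_t cancel_headers_size(const char *from, const char *groups, const char *msgid)
{
    int n = snprintf(NULL, 0, HDR_FMT, from, groups, msgid, msgid);
    return (n < 0 || (size_t)n >= MAX_HDR_BYTES) ? 0 : (size_t)n + 1;
}

/* Weak pattern this replaces: malloc(FIXED_HDR_BUF), then unbounded copies of
   header values. Here the size comes from the data and bounds the write. */
char *build_cancel_headers(const char *from, const char *groups, const char *msgid)
{
    size_t need = cancel_headers_size(from, groups, msgid);
    char *buf = need ? malloc(need) : NULL;
    if (buf == NULL) return NULL;           /* over the cap, or out of memory */
    int n = snprintf(buf, need, HDR_FMT, from, groups, msgid, msgid);
    if (n < 0 || (size_t)n != need - 1) {   /* length mismatch: treat as failure */
        free(buf);
        return NULL;
    }
    return buf;                             /* caller frees */
}

/* Constructed sample input: a Message-ID of len characters (len >= 2). */
char *sample_long_msgid(size_t len)
{
    char *id = malloc(len + 1);
    if (id == NULL) return NULL;
    memset(id, 'a', len);
    id[0] = '<'; id[len - 1] = '>'; id[len] = '\0';
    return id;
}

int main(void)
{
    char *id = sample_long_msgid(1000);
    char *h = id ? build_cancel_headers("a@example.invalid", "example.test", id) : NULL;
    printf("header bytes: %zu (fixed buffer: %d)\n", h ? strlen(h) + 1 : (size_t)0, FIXED_HDR_BUF);
    free(h); free(id);
    return 0;
}
```

A Message-ID longer than the fixed size yields a correctly sized allocation, and input that would exceed the cap is rejected before any memory is written.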
