CVE-2008-0304Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Seamonkey

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents5 sources
Severity
7.5HIGHNVD
EPSS
30.5%
top 3.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla SeamonkeyMozilla Thunderbird
Timeline
PublishedFeb 29
Latest updateMay 1

Description

Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDmozilla/thunderbird2.0.0.9

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

1
GHSA
GHSA-3j5j-x7ph-c2r8: Heap-based buffer overflow in Mozilla Thunderbird before 22022-05-01

📋Vendor Advisories

4
Ubuntu
Thunderbird vulnerabilities2008-07-25
Ubuntu
Thunderbird regression2008-03-06
Ubuntu
Thunderbird vulnerabilities2008-02-29
Red Hat
thunderbird/seamonkey: MIME External-Body Heap Overflow Vulnerability2008-02-26

💬Community

1
Bugzilla
CVE-2008-0304 thunderbird/seamonkey: MIME External-Body Heap Overflow Vulnerability2008-02-27
CVE-2008-0304 — Mozilla Seamonkey vulnerability | cvebase