CVE-2008-4070: Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Seamonkey

Severity
10.0 CRITICAL (NVD)
EPSS
2.8% (top 13.80%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 27
Latest update: May 2

Description

Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages."

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (2 packages)

NVD: mozilla/seamonkey 1.1.11 +15
NVD: mozilla/thunderbird 2.0.0.16 +50

Patches

🔴 Vulnerability Details (1)

GHSA
GHSA-47xq-mwq7-mw56: Heap-based buffer overflow in Mozilla Thunderbird before 2 (2022-05-02)

📋 Vendor Advisories (2)

Ubuntu
Thunderbird vulnerabilities (2008-09-26)
Red Hat
Thunderbird cancelled newsgrop messages (2008-09-25)

💬 Community (1)

Bugzilla
CVE-2008-4070 Thunderbird cancelled newsgrop messages (2008-09-26)