Lucene search
Mozilla FoundationMFSA2008-12HistoryFeb 26, 2008 - 12:00 a.m.
Heap buffer overflow in external MIME bodies — Mozilla
2008-02-2600:00:00
Mozilla Foundation
www.mozilla.org
18
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.356
Percentile
97.2%
Security research firm iDefense reported that researcher regenrecht discovered a heap-based buffer overflow vulnerability in Mozilla mail code which could potentially allow an attacker to run arbitrary code. The vulnerability is caused by allocating a buffer that can be three bytes too small in certain cases when viewing an email message with an external MIME body.
Affected configurations
Node
mozillaseamonkeyRange<1.1.8
ORmozillathunderbirdRange<2.0.0.12
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | seamonkey | * | cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* |
| mozilla | thunderbird | * | cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* |
Related
prion
prion
Heap overflow
2008-02-29 19:44:00
cve
cve
CVE-2008-0304
2008-02-29 19:44:00
securityvulns
securityvulns
iDefense Security Advisory 02.26.08: Mozilla Thunderbird MIME External-Body Heap Overflow Vulnerability
2008-02-27 00:00:00
Mozilla Thunderbird buffer overflow
2008-02-27 00:00:00
Mozilla Foundation Security Advisory 2008-12
2008-02-27 00:00:00
nvd
nvd
CVE-2008-0304
2008-02-29 19:44:00
seebug
seebug
Mozilla Thunderbird MIME外部主体堆溢出漏洞
2008-02-28 00:00:00
cert
cert
Mozilla Thunderbird external-body MIME type buffer overflow
2008-03-06 00:00:00
cvelist
cvelist
CVE-2008-0304
2008-02-29 19:00:00
ubuntucve
ubuntucve
CVE-2008-0304
2008-02-29 00:00:00
nessus
nessus
Mozilla Thunderbird < 2.0.0.12 Multiple Vulnerabilities
2008-02-27 00:00:00
Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2008:062)
2009-04-23 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2008-061-01)
2012-09-10 00:00:00
Slackware Advisory SSA:2008-061-01 mozilla-thunderbird
2012-09-11 00:00:00
Mandriva Update for mozilla-thunderbird MDVSA-2008:062 (mozilla-thunderbird)
2009-04-09 00:00:00
slackware
slackware
[slackware-security] mozilla-thunderbird
2008-03-01 23:36:00
ubuntu
ubuntu
Thunderbird regression
2008-03-06 00:00:00
Thunderbird vulnerabilities
2008-02-29 00:00:00
Thunderbird vulnerabilities
2008-07-25 00:00:00
osv
osv
icedove - several vulnerabilities
2008-07-27 00:00:00
iceape - several vulnerabilities
2009-01-07 00:00:00
debian
debian
[SECURITY] [DSA 1621-1] New icedove packages fix several vulnerabilities
2008-07-27 21:38:47
[SECURITY] [DSA 1697-1] New iceape packages fix several vulnerabilities
2009-01-07 21:41:42
fedora
fedora
[SECURITY] Fedora 8 Update: thunderbird-2.0.0.12-1.fc8
2008-02-28 21:38:54
[SECURITY] Fedora 7 Update: thunderbird-2.0.0.12-1.fc7
2008-02-28 21:46:05
oraclelinux
oraclelinux
Moderate: thunderbird security update
2008-02-08 00:00:00
Critical: seamonkey security update
2008-02-08 00:00:00
centos
centos
thunderbird security update
2008-02-08 19:19:22
seamonkey security update
2008-02-08 19:04:30
seamonkey security update
2008-02-11 00:20:26
redhat
redhat
(RHSA-2008:0105) Critical: thunderbird security update
2008-02-07 00:00:00
(RHSA-2008:0104) Critical: seamonkey security update
2008-02-07 00:00:00
gentoo
gentoo
Mozilla products: Multiple vulnerabilities
2008-05-20 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.356
Percentile
97.2%
Related for MFSA2008-12