CVE 2008-4070
Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages."
Related bugs and status
CVE-2008-4070 (Candidate) is related to these bugs:
Bug #218534: [Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14
Bug #276437: security upgrade of seamonkey 1.1.12
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
276437 | security upgrade of seamonkey 1.1.12 | seamonkey (Ubuntu) | Undecided | Fix Released | ||
276437 | security upgrade of seamonkey 1.1.12 | seamonkey (Ubuntu Hardy) | Undecided | Fix Released | ||
276437 | security upgrade of seamonkey 1.1.12 | seamonkey (Ubuntu Intrepid) | Undecided | Fix Released |
Bug #469752: firefox,3.5/3.6 startup-notification bug
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
469752 | firefox,3.5/3.6 startup-notification bug | firefox-3.5 (Ubuntu) | Medium | Invalid | ||
469752 | firefox,3.5/3.6 startup-notification bug | Mozilla Firefox | Medium | Fix Released | ||
469752 | firefox,3.5/3.6 startup-notification bug | firefox-3.5 (Suse) | Medium | Fix Released | ||
469752 | firefox,3.5/3.6 startup-notification bug | firefox (Ubuntu) | Medium | Fix Released | ||
469752 | firefox,3.5/3.6 startup-notification bug | firefox (Ubuntu Lucid) | Medium | Fix Released | ||
469752 | firefox,3.5/3.6 startup-notification bug | firefox-3.5 (Ubuntu Lucid) | Medium | Invalid |
See the
CVE page on Mitre.org
for more details.