Your submission was sent successfully! Close

CVE-2008-4070

Published: 27 September 2008

Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages."

Priority

Medium

Status

Package Release Status
mozilla-thunderbird
Launchpad, Ubuntu, Debian
dapper
Released (1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.6.06.1)
feisty
Released (1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.7.04.1)
gutsy Does not exist

hardy Does not exist

upstream Needs triage

thunderbird
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty Does not exist

gutsy
Released (2.0.0.17+nobinonly-0ubuntu0.7.10.1)
hardy
Released (2.0.0.17+nobinonly-0ubuntu0.8.04.1)
upstream
Released (2.0.0.17)