   VULNERABILITY NOTES

CERT-In Vulnerability Note CIVN-2008-24
MIME External-Body Heap Overflow Vulnerability in Mozilla Products

Original Issue Date: March 7, 2008

Severity Rating: High

Systems Affected

  • Thunderbird versions prior to 2.0.0.12
  • SeaMonkey versions prior to 1.1.8

Overview

A heap-based buffer overflow vulnerability has been reported in Mozilla products which could be exploited by a remote attacker to execute arbitrary code with the privileges of the current user.

Description

Mozilla Thunderbird is an open source electronic mail client and news reader.

A heap-based buffer overflow vulnerability has been reported in Mozilla Thunderbird and SeaMonkey due to incorrect memory allocation when parsing the external-body MIME type in an electronic mail message. A remote attacker could exploit this vulnerability to execute arbitrary code with the privileges of the current user via a crafted external-body MIME type in an e-mail message.

Solutions

Upgrade to Thunderbird version 2.0.0.12
Upgrade to SeaMonkey version 1.1.8
http://www.mozilla.org/download.html
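
The following triage helper is an added example, not part of the original CERT-In note or of Mozilla's code. It checks a client version against the fixed releases listed above and lists any message/external-body parts in a stored message so they can be reviewed; it does not decide whether a part is malicious. The function names and the sample message are constructed for illustration.

```python
import email

# Fixed releases taken from the Solutions section of this note.
FIXED = {"thunderbird": (2, 0, 0, 12), "seamonkey": (1, 1, 8)}

def is_affected(product, version):
    """True if a dotted numeric version predates the fixed release."""
    fixed = FIXED[product.lower()]
    have = tuple(int(p) for p in version.split("."))
    width = max(len(have), len(fixed))
    pad = lambda t: t + (0,) * (width - len(t))  # 2.0 compares as 2.0.0.0
    return pad(have) < pad(fixed)

def external_body_parts(raw):
    """Return the Content-Type parameters of each message/external-body part."""
    msg = email.message_from_bytes(raw)
    hits = []
    for part in msg.walk():
        if part.get_content_type() == "message/external-body":
            # get_params() yields (name, value) pairs; the first is the type itself.
            params = part.get_params(failobj=[])[1:]
            hits.append({name.lower(): value for name, value in params})
    return hits

# Constructed sample message (benign, not taken from real mail).
SAMPLE = b"""\
From: sender@example.com
To: user@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: message/external-body; access-type="anon-ftp";
 site="ftp.example.com"; name="file.txt"

Content-Type: text/plain

--b1--
"""

if __name__ == "__main__":
    print("Thunderbird 2.0.0.9 affected:", is_affected("thunderbird", "2.0.0.9"))
    for params in external_body_parts(SAMPLE):
        print("external-body part found:", params)
```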

Vendor Information

Mozilla Foundation
http://www.mozilla.org

References

Mozilla Foundation Security Advisories
http://www.mozilla.org/security/announce/2008/mfsa2008-12.html

iDefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=668

SecurityTracker
http://securitytracker.com/alerts/2008/Feb/1019504.html

SecurityFocus
http://www.securityfocus.com/bid/28012

Secunia
http://secunia.com/advisories/29133

CVE Name
CVE-2008-0304

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003