CVE-2008-4070

Publication date 27 September 2008

Last updated 24 July 2024

Ubuntu priority

Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages."

Status

Show unmaintained releases

Package	Ubuntu Release	Status
mozilla-thunderbird	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	7.04 feisty	Fixed 1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.7.04.1
	6.06 LTS dapper	Fixed 1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.6.06.1
thunderbird	8.04 LTS hardy	Fixed 2.0.0.17+nobinonly-0ubuntu0.8.04.1
	7.10 gutsy	Fixed 2.0.0.17+nobinonly-0ubuntu0.7.10.1
	7.04 feisty	Not in release
	6.06 LTS dapper	Not in release

References

Related Ubuntu Security Notices (USN)

USN-647-1
Thunderbird vulnerabilities
26 September 2008

Other references

https://www.cve.org/CVERecord?id=CVE-2008-4070