Heap overflow when canceling newsgroup message

2008-09-25T00:00:00
ID MFSA2008-46
Type mozilla
Reporter Mozilla Foundation
Modified 2008-09-25T00:00:00

Description

Georgi Guninski reported a buffer overflow in the handling of cancelled newsgroup messages. The error was caused by too small a heap buffer being allocated to store message header information. This buffer could be overrun by an attacker using a specially crafted message which could crash the mail reader and potentially be used to run arbitrary code on the victim's computer.