Mozilla Foundation Security Advisory 2008-46
Title: Heap overflow when canceling newsgroup message
Impact: Critical
Announced: September 25, 2008
Reporter: Georgi Guninski
Products: Thunderbird, SeaMonkey
Fixed in: Thunderbird 2.0.0.17
SeaMonkey 1.1.12
Description
Georgi Guninski reported a buffer overflow in the handling of cancelled newsgroup messages. The error was caused by too small a heap buffer being allocated to store message header information. This buffer could be overrun by an attacker using a specially crafted message which could crash the mail reader and potentially be used to run arbitrary code on the victim's computer.
References
* https://bugzilla.mozilla.org/show_bug.cgi?id=425152
* CVE-2008-4070