Lucene search
RootSSV:2954HistoryFeb 28, 2008 - 12:00 a.m.
Mozilla Thunderbird MIME外部主体堆溢出漏洞
2008-02-2800:00:00
Root
www.seebug.org
33
EPSS
0.316
Percentile
97.0%
CVE(CAN) ID: CVE-2008-0304
Thunderbird是Mozilla发布的邮件客户端,支持IMAP、POP邮件协议以及HTML邮件格式。
Thunderbird在处理畸形格式的邮件数据时存在漏洞,远程攻击者可能利用此漏洞控制用户系统。
Thunderbird没有正确地解析邮件中的external-body MIME类型,在计算所要分配堆缓冲区的字节数时没有为所要拷贝的数据保留足够的空间。如果用户受骗打开了恶意邮件消息的话,就可能最多覆盖3字节的缓冲区,导致执行任意指令。
Mozilla Thunderbird 2.0.0.9
临时解决方法:
- 将mailnews.display.disallow_mime_handlers配置属性设置为>= 3。
厂商补丁:
Mozilla
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://www.mozilla.org/” target=“_blank”>http://www.mozilla.org/</a>
Related
cve
cve
CVE-2008-0304
2008-02-29 19:44:00
prion
prion
Heap overflow
2008-02-29 19:44:00
nvd
nvd
CVE-2008-0304
2008-02-29 19:44:00
mozilla
mozilla
Heap buffer overflow in external MIME bodies — Mozilla
2008-02-26 00:00:00
cert
cert
Mozilla Thunderbird external-body MIME type buffer overflow
2008-03-06 00:00:00
cvelist
cvelist
CVE-2008-0304
2008-02-29 19:00:00
securityvulns
securityvulns
Mozilla Thunderbird buffer overflow
2008-02-27 00:00:00
Mozilla Foundation Security Advisory 2008-12
2008-02-27 00:00:00
ubuntucve
ubuntucve
CVE-2008-0304
2008-02-29 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2008-061-01)
2012-09-10 00:00:00
Slackware Advisory SSA:2008-061-01 mozilla-thunderbird
2012-09-11 00:00:00
Ubuntu Update for mozilla-thunderbird USN-582-2
2009-03-23 00:00:00
nessus
nessus
Mozilla Thunderbird < 2.0.0.12 Multiple Vulnerabilities
2008-02-27 00:00:00
Ubuntu 6.06 LTS / 6.10 / 7.04 : mozilla-thunderbird (USN-582-2)
2013-03-09 00:00:00
slackware
slackware
[slackware-security] mozilla-thunderbird
2008-03-01 23:36:00
ubuntu
ubuntu
Thunderbird regression
2008-03-06 00:00:00
Thunderbird vulnerabilities
2008-02-29 00:00:00
Thunderbird vulnerabilities
2008-07-25 00:00:00
osv
osv
icedove - several vulnerabilities
2008-07-27 00:00:00
iceape - several vulnerabilities
2009-01-07 00:00:00
debian
debian
[SECURITY] [DSA 1621-1] New icedove packages fix several vulnerabilities
2008-07-27 21:38:47
[SECURITY] [DSA 1697-1] New iceape packages fix several vulnerabilities
2009-01-07 21:41:42
oraclelinux
oraclelinux
Moderate: thunderbird security update
2008-02-08 00:00:00
Critical: seamonkey security update
2008-02-08 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: thunderbird-2.0.0.12-1.fc8
2008-02-28 21:38:54
[SECURITY] Fedora 7 Update: thunderbird-2.0.0.12-1.fc7
2008-02-28 21:46:05
centos
centos
thunderbird security update
2008-02-08 19:19:22
seamonkey security update
2008-02-08 19:04:30
seamonkey security update
2008-02-11 00:20:26
redhat
redhat
(RHSA-2008:0105) Critical: thunderbird security update
2008-02-07 00:00:00
(RHSA-2008:0104) Critical: seamonkey security update
2008-02-07 00:00:00
gentoo
gentoo
Mozilla products: Multiple vulnerabilities
2008-05-20 00:00:00