10

CVE-2008-4070

Exploit
Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaSeamonkey Version <= 1.1.11
MozillaSeamonkey Version1.0
MozillaSeamonkey Version1.0 Editionalpha
MozillaSeamonkey Version1.0 Editiondev
MozillaSeamonkey Version1.0 Updatebeta
MozillaSeamonkey Version1.0.1
MozillaSeamonkey Version1.0.2
MozillaSeamonkey Version1.0.3
MozillaSeamonkey Version1.0.4
MozillaSeamonkey Version1.0.5
MozillaSeamonkey Version1.0.6
MozillaSeamonkey Version1.0.7
MozillaSeamonkey Version1.0.8
MozillaSeamonkey Version1.0.9
MozillaSeamonkey Version1.0.99
MozillaSeamonkey Version1.1
MozillaSeamonkey Version1.1.1
MozillaSeamonkey Version1.1.2
MozillaSeamonkey Version1.1.10
MozillaThunderbird Version <= 2.0.0.16
MozillaThunderbird Version0.1
MozillaThunderbird Version0.2
MozillaThunderbird Version0.3
MozillaThunderbird Version0.4
MozillaThunderbird Version0.5
MozillaThunderbird Version0.6
MozillaThunderbird Version0.7
MozillaThunderbird Version0.7.1
MozillaThunderbird Version0.7.2
MozillaThunderbird Version0.7.3
MozillaThunderbird Version0.8
MozillaThunderbird Version0.9
MozillaThunderbird Version1.0
MozillaThunderbird Version1.0.1
MozillaThunderbird Version1.0.2
MozillaThunderbird Version1.0.3
MozillaThunderbird Version1.0.4
MozillaThunderbird Version1.0.5
MozillaThunderbird Version1.0.5 Updatebeta
MozillaThunderbird Version1.0.6
MozillaThunderbird Version1.0.7
MozillaThunderbird Version1.0.8
MozillaThunderbird Version1.5
MozillaThunderbird Version1.5 Updatebeta2
MozillaThunderbird Version1.5.0.1
MozillaThunderbird Version1.5.0.2
MozillaThunderbird Version1.5.0.3
MozillaThunderbird Version1.5.0.4
MozillaThunderbird Version1.5.0.6
MozillaThunderbird Version1.5.0.7
MozillaThunderbird Version1.5.0.8
MozillaThunderbird Version1.5.0.9
MozillaThunderbird Version1.5.0.10
MozillaThunderbird Version1.5.0.11
MozillaThunderbird Version1.5.1
MozillaThunderbird Version1.5.2
MozillaThunderbird Version1.7.1
MozillaThunderbird Version1.7.3
MozillaThunderbird Version2.0.0.0
MozillaThunderbird Version2.0.0.1
MozillaThunderbird Version2.0.0.2
MozillaThunderbird Version2.0.0.3
MozillaThunderbird Version2.0.0.4
MozillaThunderbird Version2.0.0.5
MozillaThunderbird Version2.0.0.6
MozillaThunderbird Version2.0.0.7
MozillaThunderbird Version2.0.0.9
MozillaThunderbird Version2.0.0.11
MozillaThunderbird Version2.0.0.12
MozillaThunderbird Version2.0.0.13
MozillaThunderbird Version2.0.0.14
MozillaThunderbird Version2.0.0.15
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.35% 0.936
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/33433
http://www.debian.org/security/2009/dsa-1697
http://secunia.com/advisories/33434
http://www.debian.org/security/2009/dsa-1696
http://secunia.com/advisories/34501
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://www.vupen.com/english/advisories/2009/0977
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html
http://secunia.com/advisories/32010
http://secunia.com/advisories/32044
http://secunia.com/advisories/32082
http://secunia.com/advisories/32092
http://secunia.com/advisories/32196
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123
http://www.mandriva.com/security/advisories?name=MDVSA-2008:206
http://www.redhat.com/support/errata/RHSA-2008-0908.html
http://secunia.com/advisories/32025
http://www.ubuntu.com/usn/usn-647-1
http://www.mozilla.org/security/announce/2008/mfsa2008-46.html
Patch
http://www.securityfocus.com/bid/31411
Patch
http://www.securitytracker.com/id?1020948
https://bugzilla.mozilla.org/show_bug.cgi?id=425152
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/45426
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10933