CVE-2008-0304

Published: Feb 29, 2008Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview.

Affected (2)

Products: Mozilla: Seamonkey, Thunderbird

2 products

Configuration A

2 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Mozilla Seamonkey	Up to 1.1.7
Mozilla Thunderbird	Up to 2.0.0.9

Running on/with	Platform Versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (50)

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=668

Source: cve@mitre.org

http://secunia.com/advisories/29098

Source: cve@mitre.org

http://secunia.com/advisories/29133

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/29167

Source: cve@mitre.org

http://secunia.com/advisories/29211

Source: cve@mitre.org

http://secunia.com/advisories/30327

Source: cve@mitre.org

http://secunia.com/advisories/31043

Source: cve@mitre.org

http://secunia.com/advisories/31253

Source: cve@mitre.org

http://secunia.com/advisories/33433

Source: cve@mitre.org

http://securitytracker.com/id?1019504

Source: cve@mitre.org

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.445399

Source: cve@mitre.org

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1

Source: cve@mitre.org

http://www.debian.org/security/2008/dsa-1621

Source: cve@mitre.org

http://www.debian.org/security/2009/dsa-1697

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/661651

Source: cve@mitre.org

US Government Resource

http://www.mandriva.com/security/advisories?name=MDVSA-2008:062

Source: cve@mitre.org

http://www.mozilla.org/security/announce/2008/mfsa2008-12.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/28012

Source: cve@mitre.org

Patch

http://www.ubuntu.com/usn/usn-582-1

Source: cve@mitre.org

http://www.ubuntu.com/usn/usn-582-2

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/2091/references

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11075

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html

Source: cve@mitre.org

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=668

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29098

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29133

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/29167

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29211

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/30327

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31043

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31253

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/33433

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1019504

Source: af854a3a-2127-422b-91ae-364da2661108

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.445399

Source: af854a3a-2127-422b-91ae-364da2661108

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2008/dsa-1621

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2009/dsa-1697

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/661651

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.mandriva.com/security/advisories?name=MDVSA-2008:062

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mozilla.org/security/announce/2008/mfsa2008-12.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/28012

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.ubuntu.com/usn/usn-582-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/usn-582-2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/2091/references

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11075

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.