Bug 435123 (CVE-2008-0304)

Summary: CVE-2008-0304 thunderbird/seamonkey: MIME External-Body Heap Overflow Vulnerability
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: urgent Docs Contact:
Priority: urgent    
Version: unspecifiedCC: gecko-bugs-nobody
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: source=mozilla,reported=20080128,public=20080226,impact=critical
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-03-03 02:48:28 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Tomas Hoger 2008-02-27 09:59:13 EST
From MFSA 2008-12:

Security research firm iDefense reported that researcher regenrecht discovered a
heap-based buffer overflow vulnerability in Mozilla mail code which could
potentially allow an attacker to run arbitrary code. The vulnerability is caused
by allocating a buffer that can be three bytes too small in certain cases when
viewing an email message with an external MIME body.

Workaround:
Users can prevent the vulnerable code from being triggered by setting the
"mailnews.display.disallow_mime_handlers" property to any value greater than or
equal to 3.

Fixed in:
  Thunderbird 2.0.0.12
  SeaMonkey 1.1.8

References:
http://www.mozilla.org/security/announce/2008/mfsa2008-12.html
https://bugzilla.mozilla.org/show_bug.cgi?id=412363
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=668
Comment 1 Tomas Hoger 2008-02-27 10:01:51 EST
This issue was already addressed in Thunderbird and SeaMonkey packages shipped
in Red Hat Enterprise Linux via following advisories:

  https://rhn.redhat.com/errata/RHSA-2008-0104.html
  https://rhn.redhat.com/errata/RHSA-2008-0105.html
Comment 2 Fedora Update System 2008-02-28 16:38:08 EST
thunderbird-2.0.0.12-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 3 Fedora Update System 2008-02-28 16:45:02 EST
thunderbird-2.0.0.12-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.