Rapid7 Vulnerability & Exploit Database

USN-582-1: Thunderbird vulnerabilities

Back to Search

USN-582-1: Thunderbird vulnerabilities

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

02/11/2008

Created

07/25/2018

Added

05/06/2013

Modified

07/09/2020

Description

modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10.

Solution(s)

ubuntu-upgrade-mozilla-thunderbird
ubuntu-upgrade-thunderbird

References

https://attackerkb.com/topics/cve-2008-0304
24293
27406
27683
27826
28012
309608
661651
CVE - 2008-0304
CVE - 2008-0412
CVE - 2008-0413
CVE - 2008-0415
CVE - 2008-0418
CVE - 2008-0420
CVE - 2008-0591
DSA-1484
DSA-1485
DSA-1489
DSA-1506
DSA-1621
DSA-1697
OVAL10119
OVAL10385
OVAL10573
OVAL10705
OVAL10900
OVAL11075
OVAL9897
RHSA-2008:0103
RHSA-2008:0104
RHSA-2008:0105
SUSE-SA:2008:008
USN-582-1
40491
40606

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

USN-582-1: Thunderbird vulnerabilities