Candidate: CVE-2008-4070
PublicDate: 2008-09-27 10:30:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4070
 https://ubuntu.com/security/notices/USN-647-1
Description:
 Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and
 SeaMonkey before 1.1.12 allows remote attackers to cause a denial of
 service (application crash) or possibly execute arbitrary code via a long
 header in a news article, related to "canceling [a] newsgroup message" and
 "cancelled newsgroup messages."
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: 
CVSS: 

Patches_thunderbird:
upstream_thunderbird: released (2.0.0.17)
dapper_thunderbird: DNE
feisty_thunderbird: DNE
gutsy_thunderbird: released (2.0.0.17+nobinonly-0ubuntu0.7.10.1)
hardy_thunderbird: released (2.0.0.17+nobinonly-0ubuntu0.8.04.1)
devel_thunderbird: released (2.0.0.17+nobinonly-0ubuntu1)

Patches_mozilla-thunderbird:
Priority_mozilla-thunderbird: low
upstream_mozilla-thunderbird: needs-triage
dapper_mozilla-thunderbird: released (1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.6.06.1)
feisty_mozilla-thunderbird: released (1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.7.04.1)
gutsy_mozilla-thunderbird: DNE
hardy_mozilla-thunderbird: DNE
devel_mozilla-thunderbird: DNE