CVE-2004-0904

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://bugzilla.mozilla.org/show_bug.cgi?id=255067	Vendor Advisory
http://marc.info/?l=bugtraq&m=109698896104418&w=2
http://marc.info/?l=bugtraq&m=109900315219363&w=2
http://security.gentoo.org/glsa/glsa-200409-26.xml
http://www.kb.cert.org/vuls/id/847200	Third Party Advisory US Government Resource
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
http://www.securityfocus.com/bid/11171	Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA04-261A.html	US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/17381
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952
http://bugzilla.mozilla.org/show_bug.cgi?id=255067	Vendor Advisory
http://marc.info/?l=bugtraq&m=109698896104418&w=2
http://marc.info/?l=bugtraq&m=109900315219363&w=2
http://security.gentoo.org/glsa/glsa-200409-26.xml
http://www.kb.cert.org/vuls/id/847200	Third Party Advisory US Government Resource
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
http://www.securityfocus.com/bid/11171	Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA04-261A.html	US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/17381
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox:0.8:::::::*
	cpe:2.3:a:mozilla:firefox:0.9:::::::*
	cpe:2.3:a:mozilla:firefox:0.9:rc::::::
	cpe:2.3:a:mozilla:firefox:0.9.1:::::::*
	cpe:2.3:a:mozilla:firefox:0.9.2:::::::*
	cpe:2.3:a:mozilla:firefox:0.9.3:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7:rc3::::::
	cpe:2.3:a:mozilla:mozilla:1.7.1:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.2:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.6:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.7:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.7.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.7.2:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.7.3:::::::*
	cpe:2.3:a:netscape:navigator:7.0:::::::*
	cpe:2.3:a:netscape:navigator:7.0.2:::::::*
	cpe:2.3:a:netscape:navigator:7.1:::::::*
	cpe:2.3:a:netscape:navigator:7.2:::::::*
	cpe:2.3:o:conectiva:linux:9.0:::::::*
	cpe:2.3:o:conectiva:linux:10.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server_ia64:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server_ia64:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation_ia64:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::advanced_server:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::enterprise_server:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::workstation_server:::::
	cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:::::::*
	cpe:2.3:o:redhat:fedora_core:core_1.0:::::::*
	cpe:2.3:o:redhat:linux:7.3:::::::*
	cpe:2.3:o:redhat:linux:7.3::i386:::::
	cpe:2.3:o:redhat:linux:7.3::i686:::::
	cpe:2.3:o:redhat:linux:9.0::i386:::::
	cpe:2.3:o:redhat:linux_advanced_workstation:2.1::ia64:::::
	cpe:2.3:o:redhat:linux_advanced_workstation:2.1::itanium_processor:::::

History

20 Nov 2024, 23:49

Type	Values Removed	Values Added
References	~~() http://bugzilla.mozilla.org/show_bug.cgi?id=255067 - Vendor Advisory~~	() http://bugzilla.mozilla.org/show_bug.cgi?id=255067 - Vendor Advisory
References	~~() http://marc.info/?l=bugtraq&m=109698896104418&w=2 -~~	() http://marc.info/?l=bugtraq&m=109698896104418&w=2 -
References	~~() http://marc.info/?l=bugtraq&m=109900315219363&w=2 -~~	() http://marc.info/?l=bugtraq&m=109900315219363&w=2 -
References	~~() http://security.gentoo.org/glsa/glsa-200409-26.xml -~~	() http://security.gentoo.org/glsa/glsa-200409-26.xml -
References	~~() http://www.kb.cert.org/vuls/id/847200 - Third Party Advisory, US Government Resource~~	() http://www.kb.cert.org/vuls/id/847200 - Third Party Advisory, US Government Resource
References	~~() http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 -~~	() http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 -
References	~~() http://www.novell.com/linux/security/advisories/2004_36_mozilla.html -~~	() http://www.novell.com/linux/security/advisories/2004_36_mozilla.html -
References	~~() http://www.securityfocus.com/bid/11171 - Vendor Advisory~~	() http://www.securityfocus.com/bid/11171 - Vendor Advisory
References	~~() http://www.us-cert.gov/cas/techalerts/TA04-261A.html - US Government Resource~~	() http://www.us-cert.gov/cas/techalerts/TA04-261A.html - US Government Resource
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/17381 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/17381 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952 -

Information

Published : 2004-12-31 05:00

Updated : 2024-11-20 23:49

NVD link : CVE-2004-0904

Mitre link : CVE-2004-0904

CVE.ORG link : CVE-2004-0904

JSON object : View

Products Affected

conectiva

linux

redhat

linux
linux_advanced_workstation
fedora_core
enterprise_linux
enterprise_linux_desktop

netscape

navigator

mozilla

thunderbird
mozilla
firefox

CWE

NVD-CWE-Other

10.0 /10