Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2004-0902
Last Modified 21 Aug 2010 12:21:26
Published 27 Jan 2005 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0902

Summary

Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.

Vulnerable Systems

Operating System

  • Conectiva Linux 10.0

  • Conectiva Linux 9.0

  • Redhat Enterprise Linux 2.1

  • Redhat Enterprise Linux 3.0

  • Redhat Enterprise Linux Desktop 3.0

  • Redhat Fedora Core Core 1.0

  • Redhat Linux 7.3

  • Redhat Linux 9.0

  • Redhat Linux Advanced Workstation 2.1

  • Suse Linux 1.0

  • Suse Linux 8

  • Suse Linux 8.1

  • Suse Linux 8.2

  • Suse Linux 9.0

  • Suse Linux 9.1

Application

  • Mozilla 1.7

  • Mozilla 1.7.1

  • Mozilla 1.7.2

  • Mozilla Thunderbird 0.7

  • Mozilla Thunderbird 0.7.1

  • Mozilla Thunderbird 0.7.2

  • Mozilla Thunderbird 0.7.3


References

CERT - TA04-261A

XF - mozilla-nspop3protocol-bo(17379)

XF - mozilla-netscape-nonascii-bo(17378)

SUSE - SUSE-SA:2004:036

CONFIRM - http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3

GENTOO - GLSA-200409-26

FEDORA - FLSA:2089

HP - SSRT4826

CONFIRM - http://bugzilla.mozilla.org/show_bug.cgi?id=258005

CONFIRM - http://bugzilla.mozilla.org/show_bug.cgi?id=256316

CONFIRM - http://bugzilla.mozilla.org/show_bug.cgi?id=245066

CONFIRM - http://bugzilla.mozilla.org/show_bug.cgi?id=226669


Last Updated: 27 May 2016 10:38:48