Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0399

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2005-0399
Last Modified 07 Mar 2011 09:19:54
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-0399

Summary

Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.

Vulnerable Systems

Application

  • Mozilla 1.3

  • Mozilla 1.4

  • Mozilla 1.4.1

  • Mozilla 1.5

  • Mozilla 1.5.1

  • Mozilla 1.6

  • Mozilla 1.7

  • Mozilla 1.7.1

  • Mozilla 1.7.2

  • Mozilla 1.7.3

  • Mozilla 1.7.5

  • Mozilla Firefox 0.10

  • Mozilla Firefox 0.10.1

  • Mozilla Firefox 0.8

  • Mozilla Firefox 0.9

  • Mozilla Firefox 0.9.1

  • Mozilla Firefox 0.9.2

  • Mozilla Firefox 0.9.3

  • Mozilla Firefox 1.0

  • Mozilla Firefox 1.0.1

  • Mozilla Thunderbird 0.1

  • Mozilla Thunderbird 0.2

  • Mozilla Thunderbird 0.3

  • Mozilla Thunderbird 0.4

  • Mozilla Thunderbird 0.5

  • Mozilla Thunderbird 0.6

  • Mozilla Thunderbird 0.7

  • Mozilla Thunderbird 0.7.1

  • Mozilla Thunderbird 0.7.2

  • Mozilla Thunderbird 0.7.3

  • Mozilla Thunderbird 0.8

  • Mozilla Thunderbird 0.9

  • Mozilla Thunderbird 1.0

  • Mozilla Thunderbird 1.0.1


References

CERT-VN - VU#557948

SECUNIA - 14654

MISC - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877

XF - gif-extension-overflow(19269)

ISS - 20050323 Mozilla Foundation GIF Overflow

VUPEN - ADV-2005-0296

BID - 12881

REDHAT - RHSA-2005:337

REDHAT - RHSA-2005:336

REDHAT - RHSA-2005:335

REDHAT - RHSA-2005:323

SUSE - SUSE-SA:2006:004

CONFIRM - http://www.mozilla.org/security/announce/mfsa2005-30.html

GENTOO - GLSA-200503-30

CIAC - P-160

BID - 15495

SECUNIA - 19823

SCO - SCOSA-2005.49

SUSE - SUSE-SA:2006:022


Last Updated: 27 May 2016 11:02:28