fkie_nvd - fkie_cve-2004-0902

fkie_cve-2004-0902

Vulnerability from fkie_nvd

Published

2005-01-27 05:00

Modified

2024-11-20 23:49

Severity ?

Summary

Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.

References

URL	Tags
cve@mitre.org	http://bugzilla.mozilla.org/show_bug.cgi?id=226669
cve@mitre.org	http://bugzilla.mozilla.org/show_bug.cgi?id=245066
cve@mitre.org	http://bugzilla.mozilla.org/show_bug.cgi?id=256316
cve@mitre.org	http://bugzilla.mozilla.org/show_bug.cgi?id=258005
cve@mitre.org	http://marc.info/?l=bugtraq&m=109698896104418&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=109900315219363&w=2
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200409-26.xml
cve@mitre.org	http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
cve@mitre.org	http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA04-261A.html	Patch, Third Party Advisory, US Government Resource
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/17378
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/17379
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11201
af854a3a-2127-422b-91ae-364da2661108	http://bugzilla.mozilla.org/show_bug.cgi?id=226669
af854a3a-2127-422b-91ae-364da2661108	http://bugzilla.mozilla.org/show_bug.cgi?id=245066
af854a3a-2127-422b-91ae-364da2661108	http://bugzilla.mozilla.org/show_bug.cgi?id=256316
af854a3a-2127-422b-91ae-364da2661108	http://bugzilla.mozilla.org/show_bug.cgi?id=258005
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=109698896104418&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=109900315219363&w=2
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200409-26.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA04-261A.html	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/17378
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/17379
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11201

Impacted products

Vendor	Product	Version
mozilla	mozilla	1.7
mozilla	mozilla	1.7.1
mozilla	mozilla	1.7.2
mozilla	thunderbird	0.7
mozilla	thunderbird	0.7.1
mozilla	thunderbird	0.7.2
mozilla	thunderbird	0.7.3
conectiva	linux	9.0
conectiva	linux	10.0
redhat	enterprise_linux	2.1
redhat	enterprise_linux	2.1
redhat	enterprise_linux	2.1
redhat	enterprise_linux	2.1
redhat	enterprise_linux	2.1
redhat	enterprise_linux	2.1
redhat	enterprise_linux	3.0
redhat	enterprise_linux	3.0
redhat	enterprise_linux	3.0
redhat	enterprise_linux_desktop	3.0
redhat	fedora_core	core_1.0
redhat	linux	7.3
redhat	linux	7.3
redhat	linux	7.3
redhat	linux	9.0
redhat	linux_advanced_workstation	2.1
redhat	linux_advanced_workstation	2.1
suse	suse_linux	1.0
suse	suse_linux	8
suse	suse_linux	8.1
suse	suse_linux	8.2
suse	suse_linux	9.0
suse	suse_linux	9.0
suse	suse_linux	9.0
suse	suse_linux	9.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FE7EA3B-3BF8-4696-9488-78506074D62D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "70DDB53E-7A12-4A08-8999-DB68E6DF901E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6514EDE8-7C78-4C72-A313-E0915D89E4EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4007B0D-9606-46BD-866A-7911BEA292BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A35FC777-A34E-4C7B-9E93-8F17F3AD5180",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*",
              "matchCriteriaId": "2641EE56-6F9D-400B-B456-877F4DA79B10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*",
              "matchCriteriaId": "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "E0B458EA-495E-40FA-9379-C03757F7B1EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*",
              "matchCriteriaId": "409E324A-C040-494F-A026-9DCAE01C07F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*",
              "matchCriteriaId": "1728AB5D-55A9-46B0-A412-6F7263CAEB5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*",
              "matchCriteriaId": "6474B775-C893-491F-A074-802AFB1FEDD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*",
              "matchCriteriaId": "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*",
              "matchCriteriaId": "0EFE2E73-9536-41A9-B83B-0A06B54857F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C84296C-2C8A-4DCD-9751-52951F8BEA9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "138985E6-5107-4E8B-A801-C3D5FE075227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*",
              "matchCriteriaId": "9B502A61-44FB-4CD4-85BE-88D4ACCCA441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.3:*:i686:*:*:*:*:*",
              "matchCriteriaId": "05853955-CA81-40D3-9A70-1227F3270D3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*",
              "matchCriteriaId": "F3FDE8C4-5FFD-4CC2-9F35-7C32043966D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*",
              "matchCriteriaId": "84A50ED3-FD0D-4038-B3E7-CC65D166C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*",
              "matchCriteriaId": "777F9EC0-2919-45CA-BFF8-78A02537C513",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*",
              "matchCriteriaId": "C7EAAD04-D7C4-43DE-B488-1AAD014B503E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "D2E2EF3C-1379-4CBE-8FF5-DACD47834651",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "F7446746-87B7-4BD3-AABF-1E0FAA8265AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "56EF103F-5668-4754-A83B-D3662D0CE815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the \"Send page\" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname."
    }
  ],
  "id": "CVE-2004-0902",
  "lastModified": "2024-11-20T23:49:38.423",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-01-27T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=226669"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=245066"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=256316"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=258005"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=109698896104418\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200409-26.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-261A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17378"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17379"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=226669"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=245066"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=256316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=258005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=109698896104418\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200409-26.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-261A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17378"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17379"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11201"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2004-0902

Vulnerability from cvelistv5

Published

2004-09-24 04:00

Modified

2024-08-08 00:31