CVE-2004-0904

Severity

99%

Complexity

99%

Confidentiality

165%

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 20 years ago

2004-12-31 05:00:00

Last updated 7 years ago

2017-10-11 01:29:00

Affected Software

Mozilla Firefox 0.8

0.8

Mozilla Firefox 0.9

0.9

Mozilla Firefox 0.9 rc

0.9

Mozilla Firefox 0.9.1

0.9.1

Mozilla Firefox 0.9.2

0.9.2

Mozilla Firefox 0.9.3

0.9.3

Mozilla Mozilla 1.7

1.7

Mozilla Mozilla 1.7 rc3

1.7

Mozilla Mozilla 1.7.1

1.7.1

Mozilla Mozilla 1.7.2

1.7.2

Mozilla Thunderbird 0.6

0.6

Mozilla Thunderbird 0.7

0.7

Mozilla Thunderbird 0.7.1

0.7.1

Mozilla Thunderbird 0.7.2

0.7.2

Mozilla Thunderbird 0.7.3

0.7.3

Netscape Navigator 7.0

7.0

Netscape Navigator 7.0.2

7.0.2

Netscape Navigator 7.1

7.1

Netscape Navigator 7.2

7.2

Conectiva Linux 9.0

9.0

Conectiva Linux 10.0

10.0

Red Hat Desktop 3.0

3.0

Red Hat Linux 7.3

7.3

References

http://bugzilla.mozilla.org/show_bug.cgi?id=255067

Vendor Advisory

SSRT4826

FLSA:2089

GLSA-200409-26

VU#847200

Third Party Advisory, US Government Resource

http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3

SUSE-SA:2004:036

11171