CVE-2004-0904: Buffer Overflow
First published: Fri Sep 24 2004(Updated: )
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Thunderbird | =0.6 | |
| Firefox | =0.8 | |
| Thunderbird | =0.7.2 | |
| Conectiva Linux | =9.0 | |
| Mozilla Firefox | =1.7 | |
| Firefox | =0.9.1 | |
| Netscape Navigator | =7.1 | |
| Firefox | =0.9 | |
| Netscape Navigator | =7.2 | |
| Netscape Navigator | =7.0 | |
| Mozilla Firefox | =1.7.1 | |
| Thunderbird | =0.7.3 | |
| Netscape Navigator | =7.0.2 | |
| Firefox | =0.9.3 | |
| Thunderbird | =0.7 | |
| Firefox | =0.9.2 | |
| Conectiva Linux | =10.0 | |
| Mozilla Firefox | =1.7.2 | |
| Firefox | =0.9-rc | |
| Mozilla Firefox | =1.7-rc3 | |
| Thunderbird | =0.7.1 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Linux | =7.3 | |
| Red Hat Enterprise Linux Desktop | =3.0 | |
| Red Hat Linux Advanced Workstation | =2.1 | |
| Red Hat Enterprise Linux | =3.0 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Fedora Core | =core_1.0 | |
| Red Hat Linux | =7.3 | |
| Red Hat Linux | =9.0 | |
| Red Hat Linux Advanced Workstation | =2.1 | |
| Red Hat Enterprise Linux | =3.0 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Linux | =7.3 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Enterprise Linux | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kb.cert.org/vuls/id/847200
- http://www.securityfocus.com/bid/11171
- http://bugzilla.mozilla.org/show_bug.cgi?id=255067
- http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
- http://security.gentoo.org/glsa/glsa-200409-26.xml
- http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
- http://www.us-cert.gov/cas/techalerts/TA04-261A.html
- http://marc.info/?l=bugtraq&m=109698896104418&w=2
- http://marc.info/?l=bugtraq&m=109900315219363&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17381
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952
Frequently Asked Questions
What is the severity of CVE-2004-0904?
CVE-2004-0904 is considered to be of high severity as it allows remote attackers to execute arbitrary code.
How do I fix CVE-2004-0904?
To fix CVE-2004-0904, upgrade to the latest versions of affected software such as Mozilla Firefox, Mozilla, or Thunderbird.
What software is affected by CVE-2004-0904?
CVE-2004-0904 affects Mozilla Firefox versions prior to 1.7.3, Mozilla versions prior to 1.7, and Thunderbird versions before 0.8.
What type of attack does CVE-2004-0904 facilitate?
CVE-2004-0904 facilitates heap-based buffer overflow attacks through specially crafted wide bitmap files.
Can CVE-2004-0904 be exploited remotely?
Yes, CVE-2004-0904 can be exploited remotely, allowing attackers to potentially control the affected system.
- agent/type
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- vendor/mozilla
- product/thunderbird
- canonical/mozilla thunderbird
- product/firefox
- canonical/mozilla firefox
- vendor/conectiva
- product/linux
- canonical/conectiva linux
- product/mozilla
- canonical/mozilla mozilla
- vendor/netscape
- product/navigator
- canonical/netscape navigator
- vendor/redhat
- product/enterprise linux
- canonical/redhat enterprise linux
- canonical/redhat linux
- product/enterprise linux desktop
- canonical/redhat enterprise linux desktop
- product/linux advanced workstation
- canonical/redhat linux advanced workstation
- product/fedora core
- canonical/redhat fedora core
- agent/software-canonical-lookup-request
- collector/nvd-index
- canonical/thunderbird
- version/thunderbird/0.6
- canonical/firefox
- version/firefox/0.8
- version/thunderbird/0.7.2
- version/conectiva linux/9.0
- version/mozilla firefox/1.7
- version/firefox/0.9.1
- version/netscape navigator/7.1
- version/firefox/0.9
- version/netscape navigator/7.2
- version/netscape navigator/7.0
- version/mozilla firefox/1.7.1
- version/thunderbird/0.7.3
- version/netscape navigator/7.0.2
- version/firefox/0.9.3
- version/thunderbird/0.7
- version/firefox/0.9.2
- version/conectiva linux/10.0
- version/mozilla firefox/1.7.2
- version/firefox/0.9-rc
- version/mozilla firefox/1.7-rc3
- version/thunderbird/0.7.1
- canonical/red hat enterprise linux
- version/red hat enterprise linux/2.1
- canonical/red hat linux
- version/red hat linux/7.3
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/3.0
- canonical/red hat linux advanced workstation
- version/red hat linux advanced workstation/2.1
- version/red hat enterprise linux/3.0
- canonical/red hat fedora core
- version/red hat fedora core/core_1.0
- version/red hat linux/9.0