CVE-2004-0904: Buffer Overflow
First published: Fri Sep 24 2004(Updated: )
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Thunderbird | =0.6 | |
| Mozilla Firefox | =0.8 | |
| Mozilla Thunderbird | =0.7.2 | |
| Conectiva Linux | =9.0 | |
| Mozilla Mozilla | =1.7 | |
| Mozilla Firefox | =0.9.1 | |
| Netscape Navigator | =7.1 | |
| Mozilla Firefox | =0.9 | |
| Netscape Navigator | =7.2 | |
| Netscape Navigator | =7.0 | |
| Mozilla Mozilla | =1.7.1 | |
| Mozilla Thunderbird | =0.7.3 | |
| Netscape Navigator | =7.0.2 | |
| Mozilla Firefox | =0.9.3 | |
| Mozilla Thunderbird | =0.7 | |
| Mozilla Firefox | =0.9.2 | |
| Conectiva Linux | =10.0 | |
| Mozilla Mozilla | =1.7.2 | |
| Mozilla Firefox | =0.9-rc | |
| Mozilla Mozilla | =1.7-rc3 | |
| Mozilla Thunderbird | =0.7.1 | |
| Redhat Enterprise Linux | =2.1 | |
| Redhat Linux | =7.3 | |
| Redhat Enterprise Linux Desktop | =3.0 | |
| Redhat Linux Advanced Workstation | =2.1 | |
| Redhat Enterprise Linux | =3.0 | |
| Redhat Enterprise Linux | =2.1 | |
| Redhat Enterprise Linux | =2.1 | |
| Redhat Fedora Core | =core_1.0 | |
| Redhat Linux | =7.3 | |
| Redhat Linux | =9.0 | |
| Redhat Linux Advanced Workstation | =2.1 | |
| Redhat Enterprise Linux | =3.0 | |
| Redhat Enterprise Linux | =2.1 | |
| Redhat Linux | =7.3 | |
| Redhat Enterprise Linux | =2.1 | |
| Redhat Enterprise Linux | =2.1 | |
| Redhat Enterprise Linux | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kb.cert.org/vuls/id/847200
- http://www.securityfocus.com/bid/11171
- http://bugzilla.mozilla.org/show_bug.cgi?id=255067
- http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
- http://security.gentoo.org/glsa/glsa-200409-26.xml
- http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
- http://www.us-cert.gov/cas/techalerts/TA04-261A.html
- http://marc.info/?l=bugtraq&m=109698896104418&w=2
- http://marc.info/?l=bugtraq&m=109900315219363&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17381
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/nvd-historical
- vendor/mozilla
- product/thunderbird
- canonical/mozilla thunderbird
- product/firefox
- canonical/mozilla firefox
- vendor/conectiva
- product/linux
- canonical/conectiva linux
- product/mozilla
- canonical/mozilla mozilla
- vendor/netscape
- product/navigator
- canonical/netscape navigator
- vendor/redhat
- product/enterprise linux
- canonical/redhat enterprise linux
- canonical/redhat linux
- product/enterprise linux desktop
- canonical/redhat enterprise linux desktop
- product/linux advanced workstation
- canonical/redhat linux advanced workstation
- product/fedora core
- canonical/redhat fedora core
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- version/mozilla thunderbird/0.6
- version/mozilla firefox/0.8
- version/mozilla thunderbird/0.7.2
- version/conectiva linux/9.0
- version/mozilla mozilla/1.7
- version/mozilla firefox/0.9.1
- version/netscape navigator/7.1
- version/mozilla firefox/0.9
- version/netscape navigator/7.2
- version/netscape navigator/7.0
- version/mozilla mozilla/1.7.1
- version/mozilla thunderbird/0.7.3
- version/netscape navigator/7.0.2
- version/mozilla firefox/0.9.3
- version/mozilla thunderbird/0.7
- version/mozilla firefox/0.9.2
- version/conectiva linux/10.0
- version/mozilla mozilla/1.7.2
- version/mozilla firefox/0.9-rc
- version/mozilla mozilla/1.7-rc3
- version/mozilla thunderbird/0.7.1
- version/redhat enterprise linux/2.1
- version/redhat linux/7.3
- version/redhat enterprise linux desktop/3.0
- version/redhat linux advanced workstation/2.1
- version/redhat enterprise linux/3.0
- version/redhat fedora core/core_1.0
- version/redhat linux/9.0