ID CVE-2004-0904
Summary Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
References
Vulnerable Configurations
  • Mozilla Firefox 0.8
    cpe:2.3:a:mozilla:firefox:0.8
  • Mozilla Firefox 0.9
    cpe:2.3:a:mozilla:firefox:0.9
  • Mozilla Firefox 0.9 rc
    cpe:2.3:a:mozilla:firefox:0.9:rc
  • Mozilla Firefox 0.9.1
    cpe:2.3:a:mozilla:firefox:0.9.1
  • Mozilla Firefox 0.9.2
    cpe:2.3:a:mozilla:firefox:0.9.2
  • Mozilla Firefox 0.9.3
    cpe:2.3:a:mozilla:firefox:0.9.3
  • Mozilla Mozilla 1.7
    cpe:2.3:a:mozilla:mozilla:1.7
  • Mozilla Mozilla 1.7 rc3
    cpe:2.3:a:mozilla:mozilla:1.7:rc3
  • Mozilla Mozilla 1.7.1
    cpe:2.3:a:mozilla:mozilla:1.7.1
  • Mozilla Mozilla 1.7.2
    cpe:2.3:a:mozilla:mozilla:1.7.2
  • Mozilla Thunderbird 0.6
    cpe:2.3:a:mozilla:thunderbird:0.6
  • Mozilla Thunderbird 0.7
    cpe:2.3:a:mozilla:thunderbird:0.7
  • Mozilla Thunderbird 0.7.1
    cpe:2.3:a:mozilla:thunderbird:0.7.1
  • Mozilla Thunderbird 0.7.2
    cpe:2.3:a:mozilla:thunderbird:0.7.2
  • Mozilla Thunderbird 0.7.3
    cpe:2.3:a:mozilla:thunderbird:0.7.3
  • Netscape Navigator 7.0
    cpe:2.3:a:netscape:navigator:7.0
  • Netscape Navigator 7.0.2
    cpe:2.3:a:netscape:navigator:7.0.2
  • Netscape Navigator 7.1
    cpe:2.3:a:netscape:navigator:7.1
  • Netscape Navigator 7.2
    cpe:2.3:a:netscape:navigator:7.2
  • Conectiva Linux 9.0
    cpe:2.3:o:conectiva:linux:9.0
  • Conectiva Linux 10.0
    cpe:2.3:o:conectiva:linux:10.0
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:advanced_server
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:advanced_server
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:advanced_server_ia64
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:advanced_server_ia64
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:enterprise_server
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:enterprise_server
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:enterprise_server_ia64
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:enterprise_server_ia64
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:workstation
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:workstation
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:workstation_ia64
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:workstation_ia64
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:advanced_server
    cpe:2.3:o:redhat:enterprise_linux:3.0:-:advanced_server
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:enterprise_server
    cpe:2.3:o:redhat:enterprise_linux:3.0:-:enterprise_server
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:workstation_server
    cpe:2.3:o:redhat:enterprise_linux:3.0:-:workstation_server
  • Red Hat Desktop 3.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:3.0
  • cpe:2.3:o:redhat:fedora_core:core_1.0
    cpe:2.3:o:redhat:fedora_core:core_1.0
  • Red Hat Linux 7.3
    cpe:2.3:o:redhat:linux:7.3
  • cpe:2.3:o:redhat:linux:7.3:-:i386
    cpe:2.3:o:redhat:linux:7.3:-:i386
  • cpe:2.3:o:redhat:linux:7.3:-:i686
    cpe:2.3:o:redhat:linux:7.3:-:i686
  • cpe:2.3:o:redhat:linux:9.0:-:i386
    cpe:2.3:o:redhat:linux:9.0:-:i386
  • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:-:ia64
    cpe:2.3:o:redhat:linux_advanced_workstation:2.1:-:ia64
  • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:-:itanium_processor
    cpe:2.3:o:redhat:linux_advanced_workstation:2.1:-:itanium_processor
CVSS
Base: 10.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-486.NASL
    description Updated mozilla packages that fix a number of security issues are now available. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Jesse Ruderman discovered a cross-domain scripting bug in Mozilla. If a user is tricked into dragging a JavaScript link into another frame or page, it becomes possible for an attacker to steal or modify sensitive information from that site. Additionally, if a user is tricked into dragging two links in sequence to another window (not frame), it is possible for the attacker to execute arbitrary commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0905 to this issue. Gael Delalleau discovered an integer overflow which affects the BMP handling code inside Mozilla. An attacker could create a carefully crafted BMP file in such a way that it would cause Mozilla to crash or execute arbitrary code when the image is viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0904 to this issue. Georgi Guninski discovered a stack-based buffer overflow in the vCard display routines. An attacker could create a carefully crafted vCard file in such a way that it would cause Mozilla to crash or execute arbitrary code when viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0903 to this issue. Wladimir Palant discovered a flaw in the way JavaScript interacts with the clipboard. It is possible that an attacker could use malicious JavaScript code to steal sensitive data which has been copied into the clipboard. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0908 to this issue. Georgi Guninski discovered a heap based buffer overflow in the 'Send Page' feature. It is possible that an attacker could construct a link in such a way that a user attempting to forward it could result in a crash or arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0902 to this issue. Users of Mozilla should update to these updated packages, which contain backported patches and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 15409
    published 2004-10-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15409
    title RHEL 2.1 / 3 : mozilla (RHSA-2004:486)
  • NASL family Windows
    NASL id MOZILLA_MULTIPLE_FLAWS.NASL
    description The remote host is using Mozilla and/or Firefox, a web browser. The remote version of this software is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host, get access to content of the user clipboard or, perform a cross-domain cross-site scripting attack. A remote attacker could exploit these issues by tricking a user into viewing a malicious web page.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 14728
    published 2004-09-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14728
    title Mozilla Browsers Multiple Vulnerabilities
  • NASL family Windows
    NASL id THUNDERBIRD_MULTIPLE_FLAWS.NASL
    description The remote host is using Mozilla and/or Thunderbird, an alternative mail user agent. The remote version of this software is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to send a rogue email to a victim on the remote host.
    last seen 2019-02-21
    modified 2018-08-22
    plugin id 14729
    published 2004-09-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14729
    title Mozilla < 1.7.3 / Thunderbird < 0.8 Multiple Vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200409-26.NASL
    description The remote host is affected by the vulnerability described in GLSA-200409-26 (Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities) Mozilla-based products are vulnerable to multiple security issues. Firstly, routines handling the display of BMP images and VCards contain an integer overflow and a stack buffer overrun. Specific pages with long links, when sent using the 'Send Page' function, and links with non-ASCII hostnames could both cause heap buffer overruns. Several issues were found and fixed in JavaScript rights handling: untrusted script code could read and write to the clipboard, signed scripts could build confusing grant privileges dialog boxes, and when dragged onto trusted frames or windows, JavaScript links could access information and rights of the target frame or window. Finally, Mozilla-based mail clients (Mozilla and Mozilla Thunderbird) are vulnerable to a heap overflow caused by invalid POP3 mail server responses. Impact : An attacker might be able to run arbitrary code with the rights of the user running the software by enticing the user to perform one of the following actions: view a specially crafted BMP image or VCard, use the 'Send Page' function on a malicious page, follow links with malicious hostnames, drag multiple JavaScript links in a row to another window, or connect to an untrusted POP3 mail server. An attacker could also use a malicious page with JavaScript to disclose clipboard contents or abuse previously-given privileges to request XPI installation privileges through a confusing dialog. Workaround : There is no known workaround covering all vulnerabilities.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 14781
    published 2004-09-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14781
    title GLSA-200409-26 : Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_AB9C559E115A11D9BC4A000C41E2CDAD.NASL
    description Gael Delalleau discovered several integer overflows in Mozilla's BMP decoder that can result in denial-of-service or arbitrary code execution.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 19074
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19074
    title FreeBSD : mozilla -- BMP decoder vulnerabilities (ab9c559e-115a-11d9-bc4a-000c41e2cdad)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-107.NASL
    description A number of vulnerabilities were fixed in mozilla 1.7.3, the following of which have been backported to mozilla packages for Mandrakelinux 10.0 : - 'Send page' heap overrun - JavaScript clipboard access - buffer overflow when displaying VCard - BMP integer overflow - javascript: link dragging - Malicious POP3 server III The details of all of these vulnerabilities are available from the Mozilla website.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 15521
    published 2004-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15521
    title Mandrake Linux Security Advisory : mozilla (MDKSA-2004:107)
oval via4
accepted 2013-04-29T04:10:14.341-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
description Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
family unix
id oval:org.mitre.oval:def:10952
status accepted
submitted 2010-07-09T03:56:16-04:00
title Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
version 24
redhat via4
rpms
  • mozilla-js-debugger-37:1.4.3-3.0.4
  • mozilla-mail-37:1.4.3-3.0.4
  • mozilla-chat-37:1.4.3-3.0.4
  • mozilla-nss-devel-37:1.4.3-3.0.4
  • mozilla-37:1.4.3-3.0.4
  • mozilla-dom-inspector-37:1.4.3-3.0.4
  • mozilla-nspr-devel-37:1.4.3-3.0.4
  • mozilla-nspr-37:1.4.3-3.0.4
  • mozilla-devel-37:1.4.3-3.0.4
  • mozilla-nss-37:1.4.3-3.0.4
refmap via4
bid 11171
cert TA04-261A
cert-vn VU#847200
confirm
fedora FLSA:2089
gentoo GLSA-200409-26
hp SSRT4826
suse SUSE-SA:2004:036
xf mozilla-netscape-bmp-bo(17381)
Last major update 17-10-2016 - 22:49
Published 31-12-2004 - 00:00
Last modified 10-10-2017 - 21:29
Back to Top