ID CVE-2004-1316
Summary Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated.
References
Vulnerable Configurations
  • Mozilla Mozilla
    cpe:2.3:a:mozilla:mozilla
  • Mozilla Mozilla 1.3
    cpe:2.3:a:mozilla:mozilla:1.3
  • Mozilla Mozilla 1.4
    cpe:2.3:a:mozilla:mozilla:1.4
  • Mozilla Mozilla 1.4a
    cpe:2.3:a:mozilla:mozilla:1.4:alpha
  • Mozilla Mozilla 1.4.1
    cpe:2.3:a:mozilla:mozilla:1.4.1
  • Mozilla Mozilla 1.5
    cpe:2.3:a:mozilla:mozilla:1.5
  • Mozilla Mozilla 1.5 alpha
    cpe:2.3:a:mozilla:mozilla:1.5:alpha
  • Mozilla Mozilla 1.5 rc1
    cpe:2.3:a:mozilla:mozilla:1.5:rc1
  • Mozilla Mozilla 1.5 rc2
    cpe:2.3:a:mozilla:mozilla:1.5:rc2
  • Mozilla Mozilla 1.5.1
    cpe:2.3:a:mozilla:mozilla:1.5.1
  • Mozilla Mozilla 1.6
    cpe:2.3:a:mozilla:mozilla:1.6
  • Mozilla Mozilla 1.6 alpha
    cpe:2.3:a:mozilla:mozilla:1.6:alpha
  • Mozilla Mozilla 1.6 beta
    cpe:2.3:a:mozilla:mozilla:1.6:beta
  • Mozilla Mozilla 1.7
    cpe:2.3:a:mozilla:mozilla:1.7
  • Mozilla Mozilla 1.7 alpha
    cpe:2.3:a:mozilla:mozilla:1.7:alpha
  • Mozilla Mozilla 1.7 beta
    cpe:2.3:a:mozilla:mozilla:1.7:beta
  • Mozilla Mozilla 1.7 rc1
    cpe:2.3:a:mozilla:mozilla:1.7:rc1
  • Mozilla Mozilla 1.7 rc2
    cpe:2.3:a:mozilla:mozilla:1.7:rc2
  • Mozilla Mozilla 1.7 rc3
    cpe:2.3:a:mozilla:mozilla:1.7:rc3
  • Mozilla Mozilla 1.7.1
    cpe:2.3:a:mozilla:mozilla:1.7.1
  • Mozilla Mozilla 1.7.2
    cpe:2.3:a:mozilla:mozilla:1.7.2
  • Mozilla Mozilla 1.7.3
    cpe:2.3:a:mozilla:mozilla:1.7.3
CVSS
Base: 5.0 (as of 20-06-2005 - 12:35)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
metasploit via4
nessus via4
  • NASL family Windows
    NASL id MOZILLA_NNTP_HEAP_OVERFLOW.NASL
    description The remote version of Mozilla is vulnerable to a heap overflow attack against its NNTP functionality. This may allow an attacker to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to set up a rogue news site and lure a victim on the remote host into reading news from it.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 16085
    published 2005-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16085
    title Mozilla nsNNTPProtocol.cpp NNTP news:// URI Handling Overflow DoS
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-335.NASL
    description Updated mozilla packages that fix various bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A buffer overflow bug was found in the way Mozilla processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0399 to this issue. A bug was found in the way Mozilla responds to proxy auth requests. It is possible for a malicious webserver to steal credentials from a victim's browser by issuing a 407 proxy authentication request. (CVE-2005-0147) A bug was found in the way Mozilla displays dialog windows. It is possible that a malicious web page which is being displayed in a background tab could present the user with a dialog window appearing to come from the active page. (CVE-2004-1380) A bug was found in the way Mozilla Mail handles cookies when loading content over HTTP regardless of the user's preference. It is possible that a particular user could be tracked through the use of malicious mail messages which load content over HTTP. (CVE-2005-0149) A flaw was found in the way Mozilla displays international domain names. It is possible for an attacker to display a valid URL, tricking the user into thinking they are viewing a legitimate webpage when they are not. (CVE-2005-0233) A bug was found in the way Mozilla handles pop-up windows. It is possible for a malicious website to control the content in an unrelated site's pop-up window. (CVE-2004-1156) A bug was found in the way Mozilla saves temporary files. Temporary files are saved with world readable permissions, which could allow a local malicious user to view potentially sensitive data. (CVE-2005-0142) A bug was found in the way Mozilla handles synthetic middle click events. It is possible for a malicious web page to steal the contents of a victim's clipboard. (CVE-2005-0146) A bug was found in the way Mozilla processes XUL content. If a malicious web page can trick a user into dragging an object, it is possible to load malicious XUL content. (CVE-2005-0401) A bug was found in the way Mozilla loads links in a new tab which are middle clicked. A malicious web page could read local files or modify privileged chrome settings. (CVE-2005-0141) A bug was found in the way Mozilla displays the secure site icon. A malicious web page can use a view-source URL targeted at a secure page, while loading an insecure page, yet the secure site icon shows the previous secure state. (CVE-2005-0144) A bug was found in the way Mozilla displays the secure site icon. A malicious web page can display the secure site icon by loading a binary file from a secured site. (CVE-2005-0143) A bug was found in the way Mozilla displays the download dialog window. A malicious site can obfuscate the content displayed in the source field, tricking a user into thinking they are downloading content from a trusted source. (CVE-2005-0585) Users of Mozilla are advised to upgrade to this updated package which contains Mozilla version 1.7.6 to correct these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 17626
    published 2005-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17626
    title RHEL 4 : mozilla (RHSA-2005:335)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_3FBF9DB2658B11D9ABAD000A95BC6FAE.NASL
    description Maurycy Prodeus reports a critical vulnerability in Mozilla-based browsers: Mozilla browser supports NNTP URLs. Remote side is able to trigger news:// connection to any server. I found a flaw in NNTP handling code which may cause heap overflow and allow remote attacker to execute arbitrary code on client machine.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 18912
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18912
    title FreeBSD : mozilla -- heap overflow in NNTP handler (3fbf9db2-658b-11d9-abad-000a95bc6fae)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-038.NASL
    description Updated mozilla packages that fix a buffer overflow issue are now available. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. iSEC Security Research has discovered a buffer overflow bug in the way Mozilla handles NNTP URLs. If a user visits a malicious web page or is convinced to click on a malicious link, it may be possible for an attacker to execute arbitrary code on the victim's machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1316 to this issue. Users of Mozilla should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 16160
    published 2005-01-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16160
    title RHEL 2.1 / 3 : mozilla (RHSA-2005:038)
oval via4
  • accepted 2007-05-09T16:10:48.341-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Christine Walzer
      organization The MITRE Corporation
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
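    description Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated.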
    family windows
    id oval:org.mitre.oval:def:100052
    status accepted
    submitted 2005-08-16T04:00:00.000-04:00
    title Mozilla Malicious news: Vulnerability
    version 6
  • accepted 2013-04-29T04:22:25.227-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    description Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated.
    family unix
    id oval:org.mitre.oval:def:9808
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated.
    version 23
redhat via4
advisories
rhsa
id RHSA-2005:038
refmap via4
bid 12131
bugtraq 20041229 Heap overflow in Mozilla Browser <= 1.7.3 NNTP code.
confirm http://www.mozilla.org/security/announce/mfsa2005-06.html
hp
  • HPSBTU01114
  • HPSBUX01133
  • SSRT5940
misc http://isec.pl/vulnerabilities/isec-0020-mozilla.txt
secunia 19823
suse SUSE-SA:2006:022
xf mozilla-nntp-bo(18711)
Last major update 17-10-2016 - 22:53
Published 29-12-2004 - 00:00
Last modified 02-05-2018 - 21:29