CVE-2004-0902

Current Description

Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.

Basic Data

Published: January 27, 2005
Last Modified: May 03, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 10.0
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
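    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Mozilla | Mozilla | 1.7 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mozilla | Mozilla | 1.7.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mozilla | Mozilla | 1.7.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mozilla | Thunderbird | 0.7 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mozilla | Thunderbird | 0.7.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mozilla | Thunderbird | 0.7.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mozilla | Thunderbird | 0.7.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Conectiva | Linux | 9.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Conectiva | Linux | 10.0 | * | * | * | * | * | * | * | | | | |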
  • OR - Configuration 2
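    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | advanced_server | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | advanced_server_ia64 | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | enterprise_server | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | enterprise_server_ia64 | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | workstation | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | workstation_ia64 | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux | 3.0 | * | advanced_server | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux | 3.0 | * | enterprise_server | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux | 3.0 | * | workstation_server | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Desktop | 3.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Fedora Core | core_1.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Linux | 7.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Linux | 7.3 | * | i386 | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Linux | 7.3 | * | i686 | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Linux | 9.0 | * | i386 | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Linux Advanced Workstation | 2.1 | * | ia64 | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Linux Advanced Workstation | 2.1 | * | itanium_processor | * | * | * | * | * | | | | |
    | 2.3 | OS | Suse | Suse Linux | 1.0 | * | desktop | * | * | * | * | * | | | | |
    | 2.3 | OS | Suse | Suse Linux | 8 | * | enterprise_server | * | * | * | * | * | | | | |
    | 2.3 | OS | Suse | Suse Linux | 8.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Suse | Suse Linux | 8.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Suse | Suse Linux | 9.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Suse | Suse Linux | 9.0 | * | enterprise_server | * | * | * | * | * | | | | |
    | 2.3 | OS | Suse | Suse Linux | 9.0 | * | x86_64 | * | * | * | * | * | | | | |
    | 2.3 | OS | Suse | Suse Linux | 9.1 | * | * | * | * | * | * | * | | | | |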

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Thunderbird | 0.7, 0.7.1, 0.7.2, 0.7.3 |
| Mozilla | Mozilla | 1.7, 1.7.1, 1.7.2 |
| Redhat | Enterprise Linux | 2.1, 3.0 |
| Redhat | Enterprise Linux Desktop | 3.0 |
| Redhat | Linux | 7.3, 9.0 |
| Redhat | Fedora Core | core_1.0 |
| Redhat | Linux Advanced Workstation | 2.1 |
| Conectiva | Linux | 10.0, 9.0 |
| Suse | Suse Linux | 1.0, 8, 8.1, 8.2, 9.0, 9.1 |

References

| Name | URL | Source | Tags |
|---|---|---|---|
| http://bugzilla.mozilla.org/show_bug.cgi?id=226669 | http://bugzilla.mozilla.org/show_bug.cgi?id=226669 | CONFIRM | |
| http://bugzilla.mozilla.org/show_bug.cgi?id=245066 | http://bugzilla.mozilla.org/show_bug.cgi?id=245066 | CONFIRM | |
| http://bugzilla.mozilla.org/show_bug.cgi?id=256316 | http://bugzilla.mozilla.org/show_bug.cgi?id=256316 | CONFIRM | |
| http://bugzilla.mozilla.org/show_bug.cgi?id=258005 | http://bugzilla.mozilla.org/show_bug.cgi?id=258005 | CONFIRM | |
| SSRT4826 | http://marc.info/?l=bugtraq&m=109698896104418&w=2 | HP | |
| FLSA:2089 | http://marc.info/?l=bugtraq&m=109900315219363&w=2 | FEDORA | |
| GLSA-200409-26 | http://security.gentoo.org/glsa/glsa-200409-26.xml | GENTOO | |
| http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 | http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 | CONFIRM | |
| SUSE-SA:2004:036 | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html | SUSE | |
| TA04-261A | http://www.us-cert.gov/cas/techalerts/TA04-261A.html | CERT | Patch, Third Party Advisory, US Government Resource |
| mozilla-netscape-nonascii-bo(17378) | https://exchange.xforce.ibmcloud.com/vulnerabilities/17378 | XF | |
| mozilla-nspop3protocol-bo(17379) | https://exchange.xforce.ibmcloud.com/vulnerabilities/17379 | XF | |
| oval:org.mitre.oval:def:11201 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11201 | OVAL | |