Vulnerability Details CVE-2002-2061
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.034
EPSS Ranking 86.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://bugzilla.mozilla.org/show_bug.cgi?id=157202
- http://www.iss.net/security_center/static/9287.php
- http://www.mandriva.com/security/advisories?name=MDKSA-2002:074
- http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html
- http://bugzilla.mozilla.org/show_bug.cgi?id=157202
- http://www.iss.net/security_center/static/9287.php
- http://www.mandriva.com/security/advisories?name=MDKSA-2002:074
- http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html
Products affected by CVE-2002-2061
-
cpe:2.3:a:mozilla:mozilla:-
-
cpe:2.3:a:mozilla:mozilla:0.8
-
cpe:2.3:a:mozilla:mozilla:0.9.2
-
cpe:2.3:a:mozilla:mozilla:0.9.2.1
-
cpe:2.3:a:mozilla:mozilla:0.9.3
-
cpe:2.3:a:mozilla:mozilla:0.9.35
-
cpe:2.3:a:mozilla:mozilla:0.9.4
-
cpe:2.3:a:mozilla:mozilla:0.9.4.1
-
cpe:2.3:a:mozilla:mozilla:0.9.48
-
cpe:2.3:a:mozilla:mozilla:0.9.5
-
cpe:2.3:a:mozilla:mozilla:0.9.6
-
cpe:2.3:a:mozilla:mozilla:0.9.7
-
cpe:2.3:a:mozilla:mozilla:0.9.8
-
cpe:2.3:a:mozilla:mozilla:0.9.9
-
cpe:2.3:a:mozilla:mozilla:1.0
-
cpe:2.3:a:netscape:navigator:6.2.3