Vulnerability Details CVE-2004-0904
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.207
EPSS Ranking 95.2%
CVSS Severity
CVSS v2 Score 10.0
References
- http://bugzilla.mozilla.org/show_bug.cgi?id=255067
- http://marc.info/?l=bugtraq&m=109698896104418&w=2
- http://marc.info/?l=bugtraq&m=109900315219363&w=2
- http://security.gentoo.org/glsa/glsa-200409-26.xml
- http://www.kb.cert.org/vuls/id/847200
- http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
- http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
- http://www.securityfocus.com/bid/11171
- http://www.us-cert.gov/cas/techalerts/TA04-261A.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17381
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952
- http://bugzilla.mozilla.org/show_bug.cgi?id=255067
- http://marc.info/?l=bugtraq&m=109698896104418&w=2
- http://marc.info/?l=bugtraq&m=109900315219363&w=2
- http://security.gentoo.org/glsa/glsa-200409-26.xml
- http://www.kb.cert.org/vuls/id/847200
- http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
- http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
- http://www.securityfocus.com/bid/11171
- http://www.us-cert.gov/cas/techalerts/TA04-261A.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17381
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952
Products affected by CVE-2004-0904
-
cpe:2.3:a:mozilla:firefox:0.8
-
cpe:2.3:a:mozilla:firefox:0.9
-
cpe:2.3:a:mozilla:firefox:0.9.1
-
cpe:2.3:a:mozilla:firefox:0.9.2
-
cpe:2.3:a:mozilla:firefox:0.9.3
-
cpe:2.3:a:mozilla:mozilla:1.7
-
cpe:2.3:a:mozilla:mozilla:1.7.1
-
cpe:2.3:a:mozilla:mozilla:1.7.2
-
cpe:2.3:a:mozilla:thunderbird:0.6
-
cpe:2.3:a:mozilla:thunderbird:0.7
-
cpe:2.3:a:mozilla:thunderbird:0.7.1
-
cpe:2.3:a:mozilla:thunderbird:0.7.2
-
cpe:2.3:a:mozilla:thunderbird:0.7.3
-
cpe:2.3:a:netscape:navigator:7.0
-
cpe:2.3:a:netscape:navigator:7.0.2
-
cpe:2.3:a:netscape:navigator:7.1
-
cpe:2.3:a:netscape:navigator:7.2
-
cpe:2.3:o:conectiva:linux:10.0
-
cpe:2.3:o:conectiva:linux:9.0
-
cpe:2.3:o:redhat:enterprise_linux:2.1
-
cpe:2.3:o:redhat:enterprise_linux:3.0
-
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0
-
cpe:2.3:o:redhat:fedora_core:core_1.0
-
cpe:2.3:o:redhat:linux:7.3
-
cpe:2.3:o:redhat:linux:9.0
-
cpe:2.3:o:redhat:linux_advanced_workstation:2.1