CVE-2004-0904

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.kb.cert.org/vuls/id/847200	Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/11171	Vendor Advisory
http://bugzilla.mozilla.org/show_bug.cgi?id=255067	Vendor Advisory
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
http://security.gentoo.org/glsa/glsa-200409-26.xml
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
http://www.us-cert.gov/cas/techalerts/TA04-261A.html	US Government Resource
http://marc.info/?l=bugtraq&m=109698896104418&w=2
http://marc.info/?l=bugtraq&m=109900315219363&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/17381
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox:0.8:::::::*
	cpe:2.3:a:mozilla:firefox:0.9:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.2:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7:rc3::::::
	cpe:2.3:a:netscape:navigator:7.0.2:::::::*
	cpe:2.3:a:netscape:navigator:7.1:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.7.3:::::::*
	cpe:2.3:a:netscape:navigator:7.0:::::::*
	cpe:2.3:a:mozilla:firefox:0.9.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.6:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.7.2:::::::*
	cpe:2.3:o:conectiva:linux:9.0:::::::*
	cpe:2.3:a:netscape:navigator:7.2:::::::*
	cpe:2.3:a:mozilla:firefox:0.9.3:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.7:::::::*
	cpe:2.3:a:mozilla:firefox:0.9.2:::::::*
	cpe:2.3:o:conectiva:linux:10.0:::::::*
	cpe:2.3:a:mozilla:firefox:0.9:rc::::::
	cpe:2.3:a:mozilla:thunderbird:0.7.1:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server_ia64:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation:::::
	cpe:2.3:o:redhat:linux:7.3:::::::*
	cpe:2.3:o:redhat:linux:7.3::i386:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server_ia64:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server:::::
	cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:::::::*
	cpe:2.3:o:redhat:fedora_core:core_1.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation_ia64:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::advanced_server:::::
	cpe:2.3:o:redhat:linux:7.3::i686:::::
	cpe:2.3:o:redhat:linux_advanced_workstation:2.1::ia64:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::workstation_server:::::
	cpe:2.3:o:redhat:linux:9.0::i386:::::
	cpe:2.3:o:redhat:linux_advanced_workstation:2.1::itanium_processor:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::enterprise_server:::::

Information

Published : 2004-12-30 21:00

Updated : 2017-10-10 18:29

NVD link : CVE-2004-0904

Mitre link : CVE-2004-0904

JSON object : View

CWE

NVD-CWE-Other

Products Affected

redhat

enterprise_linux_desktop
enterprise_linux
fedora_core
linux_advanced_workstation
linux

mozilla

mozilla
thunderbird
firefox

netscape

navigator

conectiva

linux

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.kb.cert.org/vuls/id/847200", "name": "VU#847200", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/bid/11171", "name": "11171", "tags": ["Vendor Advisory"], "refsource": "BID"}, {"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=255067", "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=255067", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", "tags": [], "refsource": "CONFIRM"}, {"url": "http://security.gentoo.org/glsa/glsa-200409-26.xml", "name": "GLSA-200409-26", "tags": [], "refsource": "GENTOO"}, {"url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", "name": "SUSE-SA:2004:036", "tags": [], "refsource": "SUSE"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA04-261A.html", "name": "TA04-261A", "tags": ["US Government Resource"], "refsource": "CERT"}, {"url": "http://marc.info/?l=bugtraq&m=109698896104418&w=2", "name": "SSRT4826", "tags": [], "refsource": "HP"}, {"url": "http://marc.info/?l=bugtraq&m=109900315219363&w=2", "name": "FLSA:2089", "tags": [], "refsource": "FEDORA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17381", "name": "mozilla-netscape-bmp-bo(17381)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952", "name": "oval:org.mitre.oval:def:10952", "tags": [], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-0904", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2004-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netscape:navigator:7.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:linux:7.3:*:i686:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-11T01:29Z"}

10.0 /10