CVE-2005-0399

Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.

CVSS v2.0 5.1 MEDIUM

5.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://xforce.iss.net/xforce/alerts/id/191	Vendor Advisory
http://www.mozilla.org/security/announce/mfsa2005-30.html	Vendor Advisory
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877	Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-323.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-335.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-336.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-337.html	Vendor Advisory
http://www.kb.cert.org/vuls/id/557948	Third Party Advisory US Government Resource
http://www.ciac.org/ciac/bulletins/p-160.shtml
http://secunia.com/advisories/14654	Patch Vendor Advisory
http://www.securityfocus.com/bid/12881
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://www.securityfocus.com/bid/15495
http://secunia.com/advisories/19823
http://www.novell.com/linux/security/advisories/2006_04_25.html
http://www.vupen.com/english/advisories/2005/0296
https://exchange.xforce.ibmcloud.com/vulnerabilities/19269
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11377
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100028

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox:0.9.2:::::::*
	cpe:2.3:a:mozilla:firefox:0.9.3:::::::*
	cpe:2.3:a:mozilla:mozilla:1.4:alpha::::::
	cpe:2.3:a:mozilla:mozilla:1.5:::::::*
	cpe:2.3:a:mozilla:mozilla:1.5.1:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.1:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7:rc2::::::
	cpe:2.3:a:mozilla:mozilla:1.7:rc3::::::
	cpe:2.3:a:mozilla:thunderbird:0.7.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.7.2:::::::*
	cpe:2.3:a:mozilla:firefox:0.8:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.3:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7:alpha::::::
	cpe:2.3:a:mozilla:thunderbird:0.2:::::::*
	cpe:2.3:a:mozilla:mozilla:1.5:rc2::::::
	cpe:2.3:a:mozilla:mozilla:1.7.5:::::::*
	cpe:2.3:a:mozilla:firefox:0.10.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.0:::::::*
	cpe:2.3:a:mozilla:mozilla:1.5:alpha::::::
	cpe:2.3:a:mozilla:mozilla:1.5:rc1::::::
	cpe:2.3:a:mozilla:mozilla:1.3:::::::*
	cpe:2.3:a:mozilla:firefox:1.0:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.9:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.7.3:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.4:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.2:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.1:::::::*
	cpe:2.3:a:mozilla:firefox:0.9:rc::::::
	cpe:2.3:a:mozilla:firefox:0.10:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.3:::::::*
	cpe:2.3:a:mozilla:mozilla:1.6:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.6:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7:rc1::::::
	cpe:2.3:a:mozilla:firefox:0.9.1:::::::*
	cpe:2.3:a:mozilla:firefox:0.9:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.0.1:::::::*
	cpe:2.3:a:mozilla:mozilla:1.6:beta::::::
	cpe:2.3:a:mozilla:mozilla:1.4.1:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7:beta::::::
	cpe:2.3:a:mozilla:mozilla:1.4:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.5:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.7:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.8:::::::*
	cpe:2.3:a:mozilla:mozilla:1.6:alpha::::::

Information

Published : 2005-05-01 21:00

Updated : 2018-05-02 18:29

NVD link : CVE-2005-0399

Mitre link : CVE-2005-0399

JSON object : View

CWE

NVD-CWE-Other

Products Affected

mozilla

firefox
mozilla
thunderbird

5.1 /10