CVE-2004-0904 - Integer Overflow vulnerability in Mozilla Browser BMP Image Decoding

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Tags: network, low complexity, mozilla, netscape, conectiva, redhat, critical, nessus

Summary

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.

Nessus

  • NASL family: Windows
    NASL id: THUNDERBIRD_MULTIPLE_FLAWS.NASL
    description: The remote host is using Mozilla and/or Thunderbird, an alternative mail user agent. The remote version of this software is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to send a rogue email to a victim on the remote host.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14729
    published: 2004-09-15
    reporter: This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/14729
    title: Mozilla < 1.7.3 / Thunderbird < 0.8 Multiple Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    if(description)
    {
     script_id(14729);
     script_version("1.20");
     script_cve_id("CVE-2004-0902", "CVE-2004-0903", "CVE-2004-0904");
     script_bugtraq_id(11174, 11171, 11170);
    
     script_name(english:"Mozilla < 1.7.3 / Thunderbird < 0.8 Multiple Vulnerabilities");
    
     script_set_attribute(attribute:"synopsis", value:
    "The remote host has an application that is affected by 
    multiple flaws." );
     script_set_attribute(attribute:"description", value:
    "The remote host is using Mozilla and/or Thunderbird, an 
    alternative mail user agent.
    
    The remote version of this software is vulnerable to 
    several flaws that could allow an attacker to execute 
    arbitrary code on the remote host.
    
    To exploit these flaws, an attacker would need to send a 
    rogue email to a victim on the remote host." );
     script_set_attribute(attribute:"solution", value:
    "Upgrade to Mozilla 1.7.3 or Thunderbird 0.8 or later." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/09/15");
     script_set_attribute(attribute:"vuln_publication_date", value: "2004/08/29");
     script_cvs_date("Date: 2018/08/22 16:49:14");
     script_set_attribute(attribute:"plugin_type", value:"local");
     script_set_attribute(attribute:"cpe",value:"cpe:/a:mozilla:mozilla");
     script_set_attribute(attribute:"cpe",value:"cpe:/a:mozilla:thunderbird");
     script_end_attributes();
    
     script_summary(english:"Determines the version of Mozilla");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
     script_family(english:"Windows");
     script_dependencies("mozilla_org_installed.nasl");
     script_require_keys("Mozilla/Thunderbird/Version");
     exit(0);
    }
    
    #
    
    include("misc_func.inc");
    
    
    ver = read_version_in_kb("Mozilla/Version");
    if (!isnull(ver))
    {
      if (
        ver[0] < 1 ||
        (
          ver[0] == 1 &&
          (
            ver[1] < 7 ||
            (ver[1] == 7 && ver[2] < 3)
          )
        )
      )  security_hole(get_kb_item("SMB/transport"));
    }
    
    ver = read_version_in_kb("Mozilla/Thunderbird/Version");
    if (!isnull(ver))
    {
      if (ver[0] == 0 && ver[1] < 8)
        security_hole(get_kb_item("SMB/transport"));
    }
    
  • NASL family: Windows
    NASL id: MOZILLA_MULTIPLE_FLAWS.NASL
    description: The remote host is using Mozilla and/or Firefox, a web browser. The remote version of this software is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host, get access to content of the user clipboard or, perform a cross-domain cross-site scripting attack. A remote attacker could exploit these issues by tricking a user into viewing a malicious web page.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14728
    published: 2004-09-15
    reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14728
    title: Mozilla Browsers Multiple Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    
    if(description)
    {
     script_id(14728);
     script_version("1.24");
     script_cve_id(
       "CVE-2004-0904", 
       "CVE-2004-0905", 
       "CVE-2004-0906", 
       "CVE-2004-0908"
     );
     script_bugtraq_id(
       11194, 
       11192, 
       11169, 
       11171, 
       11177, 
       11179 
     );
    
     script_name(english:"Mozilla Browsers Multiple Vulnerabilities");
     script_summary(english:"Determines the version of Mozilla");
     
     script_set_attribute( attribute:"synopsis", value:
    "The remote Windows host contains a web browser that is affected by
    multiple vulnerabilities." );
     script_set_attribute( attribute:"description",  value:
    "The remote host is using Mozilla and/or Firefox, a web browser.
    
    The remote version of this software is vulnerable to several flaws
    that could allow an attacker to execute arbitrary code on the remote
    host, get access to content of the user clipboard or, perform
    a cross-domain cross-site scripting attack.
    
    A remote attacker could exploit these issues by tricking a user
    into viewing a malicious web page." );
     script_set_attribute(
       attribute:"solution", 
       value:"Upgrade to Mozilla 1.7.3 / Firefox 0.10.0 or later."
     );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/09/15");
     script_set_attribute(attribute:"vuln_publication_date", value: "2004/08/31");
     script_set_attribute(attribute:"patch_publication_date", value: "2004/09/14");
     script_cvs_date("Date: 2018/07/16 14:09:15");
     script_set_attribute(attribute:"plugin_type", value:"local");
     script_set_attribute(attribute:"cpe",value:"cpe:/a:mozilla:mozilla");
     script_set_attribute(attribute:"cpe",value:"cpe:/a:mozilla:firefox");
     script_set_attribute(attribute:"cpe",value:"cpe:/a:mozilla:thunderbird");
     script_set_attribute(attribute:"cpe",value:"cpe:/a:netscape:navigator");
     script_end_attributes();
    
     script_category(ACT_GATHER_INFO);
     script_family(english:"Windows");
     script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
     script_dependencies("mozilla_org_installed.nasl");
     if ( NASL_LEVEL >= 3206 ) script_require_ports("Mozilla/Version", "Mozilla/Firefox/Version");
     exit(0);
    }
    
    #
    
    include("misc_func.inc");
    
    ver = read_version_in_kb("Mozilla/Version");
    if (!isnull(ver))
    {
      if (
        ver[0] < 1 ||
        (
          ver[0] == 1 &&
          (
            ver[1] < 7 ||
            (ver[1] == 7 && ver[2] < 3)
          )
        )
      )  security_hole(get_kb_item("SMB/transport"));
    }
    
    ver = read_version_in_kb("Mozilla/Firefox/Version");
    if (!isnull(ver))
    {
      if (ver[0] == 0 && ver[1] < 10)
        security_hole(get_kb_item("SMB/transport"));
    }
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_AB9C559E115A11D9BC4A000C41E2CDAD.NASL
    description: Gael Delalleau discovered several integer overflows in Mozilla
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 19074
    published: 2005-07-13
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/19074
    title: FreeBSD : mozilla -- BMP decoder vulnerabilities (ab9c559e-115a-11d9-bc4a-000c41e2cdad)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2004-107.NASL
    description: A number of vulnerabilities were fixed in mozilla 1.7.3, the following of which have been backported to mozilla packages for Mandrakelinux 10.0 : -
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15521
    published: 2004-10-20
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15521
    title: Mandrake Linux Security Advisory : mozilla (MDKSA-2004:107)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2004-486.NASL
    description: Updated mozilla packages that fix a number of security issues are now available. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Jesse Ruderman discovered a cross-domain scripting bug in Mozilla. If a user is tricked into dragging a JavaScript link into another frame or page, it becomes possible for an attacker to steal or modify sensitive information from that site. Additionally, if a user is tricked into dragging two links in sequence to another window (not frame), it is possible for the attacker to execute arbitrary commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0905 to this issue. Gael Delalleau discovered an integer overflow which affects the BMP handling code inside Mozilla. An attacker could create a carefully crafted BMP file in such a way that it would cause Mozilla to crash or execute arbitrary code when the image is viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0904 to this issue. Georgi Guninski discovered a stack-based buffer overflow in the vCard display routines. An attacker could create a carefully crafted vCard file in such a way that it would cause Mozilla to crash or execute arbitrary code when viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0903 to this issue. Wladimir Palant discovered a flaw in the way JavaScript interacts with the clipboard. It is possible that an attacker could use malicious JavaScript code to steal sensitive data which has been copied into the clipboard. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0908 to this issue. Georgi Guninski discovered a heap based buffer overflow in the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15409
    published: 2004-10-02
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/15409
    title: RHEL 2.1 / 3 : mozilla (RHSA-2004:486)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200409-26.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200409-26 (Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities) Mozilla-based products are vulnerable to multiple security issues. Firstly, routines handling the display of BMP images and VCards contain an integer overflow and a stack buffer overrun. Specific pages with long links, when sent using the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14781
    published: 2004-09-21
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/14781
    title: GLSA-200409-26 : Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities

Oval

accepted: 2013-04-29T04:10:14.341-04:00
class: vulnerability
contributors:
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions:
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
    oval: oval:org.mitre.oval:def:11782
  • comment: CentOS Linux 3.x
    oval: oval:org.mitre.oval:def:16651
description: Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
family: unix
id: oval:org.mitre.oval:def:10952
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
version: 27