Vulnerabilities > CVE-2005-0255 - Remote vulnerability in Mozilla Firefox, Mozilla and Thunderbird
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 12 |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200503-10.NASL description The remote host is affected by the vulnerability described in GLSA-200503-10 (Mozilla Firefox: Various vulnerabilities) The following vulnerabilities were found and fixed in Mozilla Firefox: Michael Krax reported that plugins can be used to load privileged content and trick the user to interact with it (CAN-2005-0232, CAN-2005-0527) Michael Krax also reported potential spoofing or cross-site-scripting issues through overlapping windows, image drag-and-drop, and by dropping javascript: links on tabs (CAN-2005-0230, CAN-2005-0231, CAN-2005-0591) Daniel de Wildt and Gael Delalleau discovered a memory overwrite in a string library (CAN-2005-0255) Wind Li discovered a possible heap overflow in UTF8 to Unicode conversion (CAN-2005-0592) Eric Johanson reported that Internationalized Domain Name (IDN) features allow homograph attacks (CAN-2005-0233) Mook, Doug Turner, Kohei Yoshino and M. Deaudelin reported various ways of spoofing the SSL last seen 2020-06-01 modified 2020-06-02 plugin id 17276 published 2005-03-06 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17276 title GLSA-200503-10 : Mozilla Firefox: Various vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200503-30.NASL description The remote host is affected by the vulnerability described in GLSA-200503-30 (Mozilla Suite: Multiple vulnerabilities) The following vulnerabilities were found and fixed in the Mozilla Suite: Mark Dowd from ISS X-Force reported an exploitable heap overrun in the GIF processing of obsolete Netscape extension 2 (CAN-2005-0399) Michael Krax reported that plugins can be used to load privileged content and trick the user to interact with it (CAN-2005-0232, CAN-2005-0527) Michael Krax also reported potential spoofing or cross-site-scripting issues through overlapping windows, image or scrollbar drag-and-drop, and by dropping javascript: links on tabs (CAN-2005-0230, CAN-2005-0231, CAN-2005-0401, CAN-2005-0591) Daniel de Wildt and Gael Delalleau discovered a memory overwrite in a string library (CAN-2005-0255) Wind Li discovered a possible heap overflow in UTF8 to Unicode conversion (CAN-2005-0592) Eric Johanson reported that Internationalized Domain Name (IDN) features allow homograph attacks (CAN-2005-0233) Mook, Doug Turner, Kohei Yoshino and M. Deaudelin reported various ways of spoofing the SSL last seen 2020-06-01 modified 2020-06-02 plugin id 17619 published 2005-03-25 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17619 title GLSA-200503-30 : Mozilla Suite: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2005-247.NASL description A buffer overflow bug was found in the way Thunderbird processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0399 to this issue. A bug was found in the Thunderbird string handling functions. If a malicious website is able to exhaust a system last seen 2020-06-01 modified 2020-06-02 plugin id 19633 published 2005-09-12 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19633 title Fedora Core 3 : thunderbird-1.0.2-1.3.1 (2005-247) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200503-32.NASL description The remote host is affected by the vulnerability described in GLSA-200503-32 (Mozilla Thunderbird: Multiple vulnerabilities) The following vulnerabilities were found and fixed in Mozilla Thunderbird: Mark Dowd from ISS X-Force reported an exploitable heap overrun in the GIF processing of obsolete Netscape extension 2 (CAN-2005-0399) Daniel de Wildt and Gael Delalleau discovered a memory overwrite in a string library (CAN-2005-0255) Wind Li discovered a possible heap overflow in UTF8 to Unicode conversion (CAN-2005-0592) Phil Ringnalda reported a possible way to spoof Install source with user:pass@host (CAN-2005-0590) Impact : The GIF heap overflow could be triggered by a malicious GIF image that would end up executing arbitrary code with the rights of the user running Thunderbird. The other overflow issues, while not thought to be exploitable, would have the same impact. Furthermore, by setting up malicious websites and convincing users to follow untrusted links, attackers may leverage the spoofing issue to trick user into installing malicious extensions. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 17632 published 2005-03-25 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17632 title GLSA-200503-32 : Mozilla Thunderbird: Multiple vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-277.NASL description Updated mozilla packages that fix a buffer overflow issue are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A bug was found in the Mozilla string handling functions. If a malicious website is able to exhaust a system last seen 2020-06-01 modified 2020-06-02 plugin id 17270 published 2005-03-04 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17270 title RHEL 4 : mozilla (RHSA-2005:277) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-337.NASL description Updated thunderbird packages that fix various bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. A buffer overflow bug was found in the way Thunderbird processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0399 to this issue. A bug was found in the Thunderbird string handling functions. If a malicious website is able to exhaust a system last seen 2020-06-01 modified 2020-06-02 plugin id 17628 published 2005-03-25 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17628 title RHEL 4 : thunderbird (RHSA-2005:337) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-149-3.NASL description USN-149-1 fixed some vulnerabilities in the Ubuntu 5.04 (Hoary Hedgehog) version of Firefox. The version shipped with Ubuntu 4.10 (Warty Warthog) is also vulnerable to these flaws, so it needs to be upgraded as well. Please see http://www.ubuntulinux.org/support/documentation/usn/usn-149-1 for the original advisory. This update also fixes several older vulnerabilities; Some of them could be exploited to execute arbitrary code with full user privileges if the user visited a malicious website. (MFSA-2005-01 to MFSA-2005-44; please see the following website for details: http://www.mozilla.org/projects/security/known-vulnerabilities.html) Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20546 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2018 Canonical, Inc. / NASL script (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20546 title Ubuntu 4.10 : mozilla-firefox vulnerabilities (USN-149-3) NASL family Windows NASL id MOZILLA_176.NASL description The remote version of Mozilla contains multiple security issues that could allow an attacker to impersonate a website and to trick a user into accepting and executing arbitrary files or to cause a heap overflow in the FireFox process and execute arbitrary code on the remote host. last seen 2020-06-01 modified 2020-06-02 plugin id 17604 published 2005-03-23 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17604 title Mozilla Browser < 1.7.6 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_SA_2005_016.NASL description The remote host is missing the patch for the advisory SUSE-SA:2005:016 (Mozilla Firefox). This security update for Mozilla Firefox fixes following problems: - CAN-2005-0231: last seen 2020-06-01 modified 2020-06-02 plugin id 20082 published 2005-10-24 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20082 title SUSE-SA:2005:016: Mozilla Firefox NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-176.NASL description Updated firefox packages that fix various bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. A bug was found in the Firefox string handling functions. If a malicious website is able to exhaust a system last seen 2020-06-01 modified 2020-06-02 plugin id 17252 published 2005-03-02 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17252 title RHEL 4 : firefox (RHSA-2005:176) NASL family Windows NASL id MOZILLA_FIREFOX_101.NASL description The installed version of Firefox is earlier than 1.0.1. Such versions have multiple security issues, including vulnerabilities that could allow an attacker to impersonate a website by using an International Domain Name, or vulnerabilities that could allow arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 17218 published 2005-02-25 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17218 title Firefox < 1.0.1 Multiple Vulnerabilities
Oval
accepted 2007-05-09T16:10:42.708-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Matthew Wojcik organization The MITRE Corporation name Jonathan Baker organization The MITRE Corporation name Jonathan Baker organization The MITRE Corporation name Jonathan Baker organization The MITRE Corporation name Jonathan Baker organization The MITRE Corporation name Jonathan Baker organization The MITRE Corporation name Jonathan Baker organization The MITRE Corporation name Jonathan Baker organization The MITRE Corporation name Jonathan Baker organization The MITRE Corporation name Jonathan Baker organization The MITRE Corporation
description String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption. family windows id oval:org.mitre.oval:def:100040 status accepted submitted 2005-08-16T12:00:00.000-04:00 title Mozilla String Library Memory Overwrite Vulnerability version 6 accepted 2013-04-29T04:18:16.793-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990
description String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption. family unix id oval:org.mitre.oval:def:9111 status accepted submitted 2010-07-09T03:56:16-04:00 title The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265. version 26
Redhat
| advisories |
| ||||||||||||
| rpms |
|
References
- http://secunia.com/advisories/19823
- http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
- http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
- http://www.idefense.com/application/poi/display?id=200&type=vulnerabilities
- http://www.mozilla.org/security/announce/mfsa2005-18.html
- http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html
- http://www.novell.com/linux/security/advisories/2006_04_25.html
- http://www.redhat.com/support/errata/RHSA-2005-176.html
- http://www.redhat.com/support/errata/RHSA-2005-277.html
- http://www.redhat.com/support/errata/RHSA-2005-337.html
- http://www.securityfocus.com/bid/12659
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100040
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9111