Vulnerabilities > CVE-2005-0592 - Unspecified vulnerability in Mozilla Firefox and Mozilla

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
mozilla
nessus

Summary

Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200503-10.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200503-10 (Mozilla Firefox: Various vulnerabilities) The following vulnerabilities were found and fixed in Mozilla Firefox: Michael Krax reported that plugins can be used to load privileged content and trick the user to interact with it (CAN-2005-0232, CAN-2005-0527) Michael Krax also reported potential spoofing or cross-site-scripting issues through overlapping windows, image drag-and-drop, and by dropping javascript: links on tabs (CAN-2005-0230, CAN-2005-0231, CAN-2005-0591) Daniel de Wildt and Gael Delalleau discovered a memory overwrite in a string library (CAN-2005-0255) Wind Li discovered a possible heap overflow in UTF8 to Unicode conversion (CAN-2005-0592) Eric Johanson reported that Internationalized Domain Name (IDN) features allow homograph attacks (CAN-2005-0233) Mook, Doug Turner, Kohei Yoshino and M. Deaudelin reported various ways of spoofing the SSL
    last seen2020-06-01
    modified2020-06-02
    plugin id17276
    published2005-03-06
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/17276
    titleGLSA-200503-10 : Mozilla Firefox: Various vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200503-30.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200503-30 (Mozilla Suite: Multiple vulnerabilities) The following vulnerabilities were found and fixed in the Mozilla Suite: Mark Dowd from ISS X-Force reported an exploitable heap overrun in the GIF processing of obsolete Netscape extension 2 (CAN-2005-0399) Michael Krax reported that plugins can be used to load privileged content and trick the user to interact with it (CAN-2005-0232, CAN-2005-0527) Michael Krax also reported potential spoofing or cross-site-scripting issues through overlapping windows, image or scrollbar drag-and-drop, and by dropping javascript: links on tabs (CAN-2005-0230, CAN-2005-0231, CAN-2005-0401, CAN-2005-0591) Daniel de Wildt and Gael Delalleau discovered a memory overwrite in a string library (CAN-2005-0255) Wind Li discovered a possible heap overflow in UTF8 to Unicode conversion (CAN-2005-0592) Eric Johanson reported that Internationalized Domain Name (IDN) features allow homograph attacks (CAN-2005-0233) Mook, Doug Turner, Kohei Yoshino and M. Deaudelin reported various ways of spoofing the SSL
    last seen2020-06-01
    modified2020-06-02
    plugin id17619
    published2005-03-25
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/17619
    titleGLSA-200503-30 : Mozilla Suite: Multiple vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200503-32.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200503-32 (Mozilla Thunderbird: Multiple vulnerabilities) The following vulnerabilities were found and fixed in Mozilla Thunderbird: Mark Dowd from ISS X-Force reported an exploitable heap overrun in the GIF processing of obsolete Netscape extension 2 (CAN-2005-0399) Daniel de Wildt and Gael Delalleau discovered a memory overwrite in a string library (CAN-2005-0255) Wind Li discovered a possible heap overflow in UTF8 to Unicode conversion (CAN-2005-0592) Phil Ringnalda reported a possible way to spoof Install source with user:pass@host (CAN-2005-0590) Impact : The GIF heap overflow could be triggered by a malicious GIF image that would end up executing arbitrary code with the rights of the user running Thunderbird. The other overflow issues, while not thought to be exploitable, would have the same impact. Furthermore, by setting up malicious websites and convincing users to follow untrusted links, attackers may leverage the spoofing issue to trick user into installing malicious extensions. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id17632
    published2005-03-25
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/17632
    titleGLSA-200503-32 : Mozilla Thunderbird: Multiple vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-149-3.NASL
    descriptionUSN-149-1 fixed some vulnerabilities in the Ubuntu 5.04 (Hoary Hedgehog) version of Firefox. The version shipped with Ubuntu 4.10 (Warty Warthog) is also vulnerable to these flaws, so it needs to be upgraded as well. Please see http://www.ubuntulinux.org/support/documentation/usn/usn-149-1 for the original advisory. This update also fixes several older vulnerabilities; Some of them could be exploited to execute arbitrary code with full user privileges if the user visited a malicious website. (MFSA-2005-01 to MFSA-2005-44; please see the following website for details: http://www.mozilla.org/projects/security/known-vulnerabilities.html) Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id20546
    published2006-01-15
    reporterUbuntu Security Notice (C) 2005-2018 Canonical, Inc. / NASL script (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20546
    titleUbuntu 4.10 : mozilla-firefox vulnerabilities (USN-149-3)
  • NASL familyWindows
    NASL idMOZILLA_176.NASL
    descriptionThe remote version of Mozilla contains multiple security issues that could allow an attacker to impersonate a website and to trick a user into accepting and executing arbitrary files or to cause a heap overflow in the FireFox process and execute arbitrary code on the remote host.
    last seen2020-06-01
    modified2020-06-02
    plugin id17604
    published2005-03-23
    reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17604
    titleMozilla Browser < 1.7.6 Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-176.NASL
    descriptionUpdated firefox packages that fix various bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. A bug was found in the Firefox string handling functions. If a malicious website is able to exhaust a system
    last seen2020-06-01
    modified2020-06-02
    plugin id17252
    published2005-03-02
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/17252
    titleRHEL 4 : firefox (RHSA-2005:176)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_101.NASL
    descriptionThe installed version of Firefox is earlier than 1.0.1. Such versions have multiple security issues, including vulnerabilities that could allow an attacker to impersonate a website by using an International Domain Name, or vulnerabilities that could allow arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id17218
    published2005-02-25
    reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17218
    titleFirefox < 1.0.1 Multiple Vulnerabilities

Oval

  • accepted2007-05-09T16:10:44.311-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameMatthew Wojcik
      organizationThe MITRE Corporation
    • nameJonathan Baker
      organizationThe MITRE Corporation
    • nameJonathan Baker
      organizationThe MITRE Corporation
    • nameJonathan Baker
      organizationThe MITRE Corporation
    • nameJonathan Baker
      organizationThe MITRE Corporation
    • nameJonathan Baker
      organizationThe MITRE Corporation
    • nameJonathan Baker
      organizationThe MITRE Corporation
    • nameJonathan Baker
      organizationThe MITRE Corporation
    • nameJonathan Baker
      organizationThe MITRE Corporation
    • nameJonathan Baker
      organizationThe MITRE Corporation
    descriptionHeap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.
    familywindows
    idoval:org.mitre.oval:def:100043
    statusaccepted
    submitted2005-08-16T12:00:00.000-04:00
    titleMozilla UTF8 to Unicode Conversion Heap Overflow
    version6
  • accepted2013-04-29T04:07:03.196-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    descriptionHeap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.
    familyunix
    idoval:org.mitre.oval:def:10606
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleHeap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.
    version26

Redhat

advisories
rhsa
idRHSA-2005:176
rpmsfirefox-0:1.0.1-1.4.3