CVE-2004-0902

Currently unrated

Key Information:

Vendor: Mozilla
Status: Thunderbird; Linux; Mozilla
Vendor: CVE Published:; 27 January 2005

Summary

Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.novell.com/linux/security/advisories/2004_36_m...

vendor-advisoryx_refsource_SUSE

http://marc.info/?l=bugtraq&m=109900315219363&w=2

vendor-advisoryx_refsource_FEDORA

EPSS Score

45% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 27, 2005
Vulnerability Reserved
Sep 23, 2004