Heap-Based Buffer Overflow in Mozilla Firefox and Thunderbird
CVE-2004-0902

Currently unrated

Key Information:

Vendor: Mozilla
Status: Thunderbird; Linux; Mozilla
Vendor: CVE Published:; 27 January 2005

What is CVE-2004-0902?

Multiple heap-based buffer overflow vulnerabilities exist in Mozilla Firefox and Thunderbird, allowing remote attackers to disrupt service or execute arbitrary code. These vulnerabilities can be exploited through the 'Send page' feature, by malicious responses from POP3 servers, or via links that contain non-ASCII hostnames. Users of affected versions should upgrade promptly to mitigate these risks.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.novell.com/linux/security/advisories/2004_36_m...

vendor-advisoryx_refsource_SUSE

http://marc.info/?l=bugtraq&m=109900315219363&w=2

vendor-advisoryx_refsource_FEDORA

EPSS Score

18% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 27, 2005
Vulnerability Reserved
Sep 23, 2004