Integer Overflow Vulnerability in Mozilla Firefox and Thunderbird Products
CVE-2004-0904
Currently unrated
Key Information:
- Vendor: Mozilla
- CVE Published: 31 December 2004
Summary
An integer overflow vulnerability exists in the BMP decoder for Mozilla Firefox and Thunderbird, allowing remote attackers to execute arbitrary code. Specially crafted wide bitmap files trigger the integer overflow, which leads to heap-based buffer overflows in the decoder. The flaw affects versions prior to Firefox 1.7.3 and Thunderbird 0.8; updating to a fixed version mitigates it.
EPSS Score
20% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved