CVE-2004-0904

Currently unrated

Key Information:

Vendor: Mozilla
Status: Thunderbird; Firefox; Linux; Mozilla
Vendor: CVE Published:; 31 December 2004

Summary

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/17381

vdb-entryx_refsource_XF

http://www.novell.com/linux/security/advisories/2004_36_m...

vendor-advisoryx_refsource_SUSE

http://marc.info/?l=bugtraq&m=109900315219363&w=2

vendor-advisoryx_refsource_FEDORA

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 31, 2004
Vulnerability Reserved
Sep 23, 2004