Heap-based Buffer Overflow in Firefox and Mozilla Suite
CVE-2005-2701

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Mozilla Suite
Vendor: CVE Published:; 23 September 2005

What is CVE-2005-2701?

A heap-based buffer overflow vulnerability exists in Mozilla Firefox and Mozilla Suite due to improper handling of XBM image files. Attackers can exploit this flaw by sending specially crafted XBM files that conclude with an abnormally large number of spaces, circumventing the expected end tag. This exploitation can lead to arbitrary code execution, posing a significant risk to users running affected versions.

References

http://www.mandriva.com/security/advisories?name=MDKSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://www.debian.org/security/2005/dsa-868

vendor-advisoryx_refsource_DEBIAN

http://www.vupen.com/english/advisories/2005/1824

vdb-entryx_refsource_VUPEN

EPSS Score

8% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2005
Vulnerability Reserved
Aug 26, 2005