Vulnerability Description
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Mozilla | <= 1.0 |
| Netscape | Navigator | 6.2.3 |
References
- http://bugzilla.mozilla.org/show_bug.cgi?id=157202Patch
- http://www.iss.net/security_center/static/9287.phpPatch
- http://www.mandriva.com/security/advisories?name=MDKSA-2002:074
- http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.htmlPatch
- http://bugzilla.mozilla.org/show_bug.cgi?id=157202Patch
- http://www.iss.net/security_center/static/9287.phpPatch
- http://www.mandriva.com/security/advisories?name=MDKSA-2002:074
- http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.htmlPatch
FAQ
What is CVE-2002-2061?
CVE-2002-2061 is a vulnerability with a CVSS score of 7.5 (HIGH). Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values ...
How severe is CVE-2002-2061?
CVE-2002-2061 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-2061?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Mozilla, Netscape Navigator.