1. Home
  2. CVE Database
  3. CVE-2004-0902
HIGH · 10.0

CVE-2004-0902

Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application cr...

Vulnerability Description

Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
MozillaMozilla1.7
MozillaThunderbird0.7
ConectivaLinux9.0
RedhatEnterprise Linux2.1
RedhatEnterprise Linux Desktop3.0
RedhatFedora Corecore_1.0
RedhatLinux7.3
RedhatLinux Advanced Workstation2.1
SuseSuse Linux1.0

References

FAQ

What is CVE-2004-0902?

CVE-2004-0902 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application cr...

How severe is CVE-2004-0902?

CVE-2004-0902 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2004-0902?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Mozilla, Mozilla Thunderbird, Conectiva Linux, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop.