Vulnerability Description
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 0.8 |
| Mozilla | Mozilla | 1.7 |
| Mozilla | Thunderbird | 0.6 |
| Netscape | Navigator | 7.0 |
| Conectiva | Linux | 9.0 |
| Redhat | Enterprise Linux | 2.1 |
| Redhat | Enterprise Linux Desktop | 3.0 |
| Redhat | Fedora Core | core_1.0 |
| Redhat | Linux | 7.3 |
| Redhat | Linux Advanced Workstation | 2.1 |
References
- http://bugzilla.mozilla.org/show_bug.cgi?id=255067Vendor Advisory
- http://marc.info/?l=bugtraq&m=109698896104418&w=2
- http://marc.info/?l=bugtraq&m=109900315219363&w=2
- http://security.gentoo.org/glsa/glsa-200409-26.xml
- http://www.kb.cert.org/vuls/id/847200Third Party AdvisoryUS Government Resource
- http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
- http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
- http://www.securityfocus.com/bid/11171Vendor Advisory
- http://www.us-cert.gov/cas/techalerts/TA04-261A.htmlUS Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17381
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://bugzilla.mozilla.org/show_bug.cgi?id=255067Vendor Advisory
- http://marc.info/?l=bugtraq&m=109698896104418&w=2
- http://marc.info/?l=bugtraq&m=109900315219363&w=2
- http://security.gentoo.org/glsa/glsa-200409-26.xml
FAQ
What is CVE-2004-0904?
CVE-2004-0904 is a vulnerability with a CVSS score of 10.0 (HIGH). Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide ...
How severe is CVE-2004-0904?
CVE-2004-0904 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0904?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Mozilla, Mozilla Thunderbird, Netscape Navigator, Conectiva Linux.