Vulnerability Name:

CCN-13849

Published:2003-11-26
Updated:2003-11-26
Summary:Mozilla, containing the Chatzilla component and running on Microsoft Windows platforms, is vulnerable to a stack-based buffer overflow in a recursive function in the js3250.dl file. By creating a long malicious irc: URI string, a remote attacker could overflow a buffer and cause the victim's browser to crash, once the link is clicked.
CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: Mozilla Web site
mozilla.org

Source: CCN
Type: BID-9104
Mozilla Chatzilla IRC URI Handler Memory Corruption Vulnerability

Source: XF
Type: UNKNOWN
mozilla-chatzilla-irc-dos(13849)

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    mozilla mozilla 0.9.6
    mozilla mozilla 0.8
    mozilla mozilla 0.9.9
    mozilla mozilla 1.0 rc1
    mozilla mozilla 1.0
    mozilla mozilla 1.0.1
    mozilla mozilla 1.1
    mozilla mozilla 1.2.1
    mozilla mozilla 1.3
    mozilla mozilla 1.4
    mozilla mozilla 1.3.1
    mozilla mozilla 0.9.2
    mozilla mozilla 0.9.2.1
    mozilla mozilla 0.9.3
    mozilla mozilla 0.9.4
    mozilla mozilla 0.9.4.1
    mozilla mozilla 0.9.5
    mozilla mozilla 0.9.7
    mozilla mozilla 0.9.8
    mozilla mozilla 1.0.2
    mozilla mozilla 1.1 alpha
    mozilla mozilla 1.1 beta
    mozilla mozilla 1.2
    mozilla mozilla 1.2 alpha
    mozilla mozilla 1.2 beta
    mozilla mozilla 1.4.1
    mozilla mozilla 1.4.2
    mozilla mozilla 1.4.4
    mozilla mozilla 1.4 alpha
    mozilla mozilla 1.4 beta
    mozilla mozilla 1.5
    mozilla mozilla 1.5.1
    mozilla mozilla 1.5 alpha
    mozilla mozilla 1.5 rc1
    mozilla mozilla 1.5 rc2