Vulnerability Name: CVE-2004-0902 (CCN-17378) Assigned: 2004-09-04 Published: 2004-09-04 Updated: 2018-05-03 Summary: Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname. CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-Other Vulnerability Consequences: Gain Access References: Source: CONFIRMhttp://bugzilla.mozilla.org/show_bug.cgi?id=226669 http://bugzilla.mozilla.org/show_bug.cgi?id=245066 non-ascii char in URL lead to heap overrun http://bugzilla.mozilla.org/show_bug.cgi?id=256316 http://bugzilla.mozilla.org/show_bug.cgi?id=258005 CVE-2004-0902 New upstream for mozilla SSRT4826 FLSA:2089 mozilla security update GLSA-200409-26 [slackware-security] Mozilla (SSA:2004-266-03) Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities Multiple buffer overflows in Mozilla POP3 protocol handler Mozilla send page feature contains a buffer overflow vulnerability Mozilla contains heap overflow in UTF8 conversion of hostname portion of URLs Mozilla - Home of the Firefox web browser, Thunderbird and the Mozilla Suite http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 SUSE-SA:2004:036 Mozilla Browser Non-ASCII Hostname Heap Overflow Vulnerability TA04-261A mozilla-netscape-nonascii-bo(17378) mozilla-netscape-nonascii-bo(17378) mozilla-nspop3protocol-bo(17379) oval:org.mitre.oval:def:11201 mozilla: various vulnerabilities Vulnerable Configuration: Configuration 1 :cpe:/a:mozilla:mozilla:1.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.7:-:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:* OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:* OR cpe:/o:conectiva:linux:10.0:*:*:*:*:*:*:* Configuration 2 :cpe:/o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:* OR cpe:/o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:7.3:*:i386:*:*:*:*:* OR cpe:/o:redhat:linux:7.3:*:i686:*:*:*:*:* OR cpe:/o:redhat:linux:9.0:*:i386:*:*:*:*:* OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:* OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:* OR cpe:/o:suse:suse_linux:1.0:*:desktop:*:*:*:*:* OR cpe:/o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:* OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:* Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.8:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9:rc:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9.3:*:*:*:*:*:*:* OR cpe:/a:netscape:navigator:7.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.1:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.2:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.6:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.7:-:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.7:*:*:*:*:*:*:* AND cpe:/o:compaq:tru64:5.1a:*:*:*:*:*:*:* OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:* OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:* OR cpe:/o:slackware:slackware_linux:current:*:*:*:*:*:*:* OR cpe:/o:compaq:tru64:5.1b:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:* OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:* OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:* OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:* OR cpe:/o:slackware:slackware_linux:10.0:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:1.0:*:desktop:*:*:*:*:* OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:* Vulnerability Name: CVE-2004-0902 (CCN-17379) Assigned: 2004-09-04 Published: 2004-09-04 Updated: 2018-05-03 Summary: Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname. CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-Other Vulnerability Consequences: Gain Access References: Source: CCNThunderbird tries to download nonexisting messages with POP3 [internal] nsPop3Protocol.cpp, back out fix for bug #157644, since david has fixed the problem another way (bug #229374) CVE-2004-0902 New upstream for mozilla mozilla security update [slackware-security] Mozilla (SSA:2004-266-03) Multiple Security Vulnerabilities in Mozilla Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities Multiple buffer overflows in Mozilla POP3 protocol handler Mozilla send page feature contains a buffer overflow vulnerability Mozilla contains heap overflow in UTF8 conversion of hostname portion of URLs mozilla-nspop3protocol-bo(17379) mozilla: various vulnerabilities Vulnerable Configuration: Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:* Oval Definitions Definition ID Class Title Last Modified oval:org.opensuse.security:def:20040902 V CVE-2004-0902 2015-11-16 oval:org.mitre.oval:def:11201 V Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname. 2013-04-29 oval:com.redhat.rhsa:def:20040486 P RHSA-2004:486: mozilla security update (Critical) 2004-09-30
BACK
mozilla mozilla 1.7
mozilla mozilla 1.7.1
mozilla mozilla 1.7.2
mozilla thunderbird 0.7
mozilla thunderbird 0.7.1
mozilla thunderbird 0.7.2
mozilla thunderbird 0.7.3
conectiva linux 9.0
conectiva linux 10.0
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 3.0
redhat enterprise linux 3.0
redhat enterprise linux 3.0
redhat enterprise linux desktop 3.0
redhat fedora core core_1.0
redhat linux 7.3
redhat linux 7.3
redhat linux 7.3
redhat linux 9.0
redhat linux advanced workstation 2.1
redhat linux advanced workstation 2.1
suse suse linux 1.0
suse suse linux 8
suse suse linux 8.1
suse suse linux 8.2
suse suse linux 9.0
suse suse linux 9.0
suse suse linux 9.0
suse suse linux 9.1
mozilla mozilla 1.0 rc1
mozilla mozilla 1.0
mozilla mozilla 1.0.1
mozilla mozilla 1.1
mozilla mozilla 1.2.1
mozilla mozilla 1.3
mozilla mozilla 1.4
mozilla mozilla 1.3.1
mozilla mozilla 1.6
mozilla mozilla 1.7 rc3
mozilla firefox 0.8
mozilla firefox 0.9 rc
mozilla mozilla 1.7
mozilla mozilla 1.7.1
mozilla firefox 0.9.2
mozilla firefox 0.9.1
mozilla firefox 0.9.3
netscape navigator 7.2
mozilla mozilla 1.7.2
mozilla firefox 0.9
mozilla mozilla 0.9.2
mozilla mozilla 1.0.2
mozilla mozilla 1.1 alpha
mozilla mozilla 1.1 beta
mozilla mozilla 1.2
mozilla mozilla 1.2 alpha
mozilla mozilla 1.2 beta
mozilla mozilla 1.4.1
mozilla mozilla 1.4.2
mozilla mozilla 1.4.4
mozilla mozilla 1.4 alpha
mozilla mozilla 1.4 beta
mozilla mozilla 1.5
mozilla mozilla 1.5.1
mozilla mozilla 1.5 alpha
mozilla mozilla 1.5 rc1
mozilla mozilla 1.5 rc2
mozilla mozilla 1.6 alpha
mozilla mozilla 1.6 beta
mozilla mozilla 1.7 alpha
mozilla mozilla 1.7 beta
mozilla mozilla 1.7 rc1
mozilla mozilla 1.7 rc2
mozilla thunderbird 0.1
mozilla thunderbird 0.2
mozilla thunderbird 0.3
mozilla thunderbird 0.4
mozilla thunderbird 0.5
mozilla thunderbird 0.6
mozilla thunderbird 0.7 -
mozilla thunderbird 0.7.1
mozilla thunderbird 0.7.2
mozilla thunderbird 0.7.3
mozilla firefox 0.7
compaq tru64 5.1a
gentoo linux *
suse suse linux 8.1
suse linux enterprise server 8
slackware slackware linux current
compaq tru64 5.1b
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
suse suse linux 8.2
conectiva linux 9.0
suse suse linux 9.0
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
mandrakesoft mandrake linux 10.0
suse suse linux 9.1
redhat enterprise linux 3
conectiva linux 10
slackware slackware linux 10.0
suse suse linux 1.0
redhat linux advanced workstation 2.1
mandrakesoft mandrake linux 10.0
Denotes that component is vulnerable