Vulnerability Name:

CVE-2005-0255 (CCN-19522)

Assigned:2005-02-28
Published:2005-02-28
Updated:2017-10-11
Summary:String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Tue Mar 01 2005 - 02:17:05 CST
Re: iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error

Source: MITRE
Type: CNA
CVE-2005-0255

Source: CCN
Type: RHSA-2005-176
firefox security update

Source: CCN
Type: RHSA-2005-277
mozilla security update

Source: CCN
Type: RHSA-2005-337
thunderbird security update

Source: SECUNIA
Type: UNKNOWN
19823

Source: CCN
Type: CIAC INFORMATION BULLETIN P-149
Firefox Security Update

Source: CCN
Type: GLSA-200503-10
Mozilla Firefox: Various vulnerabilities

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200503-10

Source: CCN
Type: GLSA-200503-30
Mozilla Suite: Multiple vulnerabilities

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200503-30

Source: CCN
Type: GLSA-200503-32
Mozilla Thunderbird: Multiple vulnerabilities

Source: CCN
Type: iDEFENSE Security Advisory 02.28.05
Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error

Source: IDEFENSE
Type: Patch, Vendor Advisory
20050228 Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error

Source: CCN
Type: Mozilla CVS Repository Web site
source code via cvs

Source: CCN
Type: Mozilla Firefox Download Web page
Download Firefox

Source: CCN
Type: Mozilla Suite Download Web page
Mozilla Suite

Source: CCN
Type: MFSA 2005-18
Memory overwrite in string library

Source: CONFIRM
Type: Vendor Advisory
http://www.mozilla.org/security/announce/mfsa2005-18.html

Source: SUSE
Type: Patch, Vendor Advisory
SUSE-SA:2005:016

Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:004

Source: REDHAT
Type: UNKNOWN
RHSA-2005:176

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2005:277

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2005:337

Source: BID
Type: UNKNOWN
12659

Source: CCN
Type: BID-12659
Mozilla Suite Multiple Remote Vulnerabilities

Source: CCN
Type: USN-149-3
Ubuntu 4.10 update for Firefox vulnerabilities

Source: CCN
Type: Bugzilla Bug 277549
Out of memory in MutatePrep is not well handled

Source: XF
Type: UNKNOWN
mozilla-firefox-string-heap-corruption(19522)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:100040

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9111

Source: SUSE
Type: SUSE-SA:2005:016
Mozilla Firefox: remote code execution

Source: SUSE
Type: SUSE-SA:2006:022
MozillaThunderbird various problems

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.7:-:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.7.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.7:-:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20050255
    V
    CVE-2005-0255
    2015-11-16
    oval:org.mitre.oval:def:9111
    V
    The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.
    2013-04-29
    oval:org.mitre.oval:def:100040
    V
    Mozilla String Library Memory Overwrite Vulnerability
    2007-05-09
    oval:com.redhat.rhsa:def:20050337
    P
    RHSA-2005:337: thunderbird security update (Critical)
    2005-03-23
    oval:com.redhat.rhsa:def:20050277
    P
    RHSA-2005:277: mozilla security update (Critical)
    2005-03-04
    oval:com.redhat.rhsa:def:20050176
    P
    RHSA-2005:176: firefox security update (Critical)
    2005-03-01
    BACK
    mozilla firefox 1.0
    mozilla mozilla 1.7.3
    mozilla thunderbird 0.1
    mozilla thunderbird 0.2
    mozilla thunderbird 0.3
    mozilla thunderbird 0.4
    mozilla thunderbird 0.5
    mozilla thunderbird 0.6
    mozilla thunderbird 0.7
    mozilla thunderbird 0.8
    mozilla thunderbird 0.9
    mozilla thunderbird 1.0
    mozilla mozilla 1.7.1
    mozilla mozilla 1.7.2
    mozilla mozilla 1.7.3
    mozilla thunderbird 0.8
    mozilla firefox 1.0
    mozilla mozilla 1.7.5
    mozilla mozilla 1.7.4
    mozilla thunderbird 0.1
    mozilla thunderbird 0.2
    mozilla thunderbird 0.3
    mozilla thunderbird 0.4
    mozilla thunderbird 0.5
    mozilla thunderbird 0.6
    mozilla thunderbird 0.7
    mozilla thunderbird 0.9
    mozilla thunderbird 1.0
    gentoo linux *
    suse suse linux 9.0
    suse suse linux 9.1
    suse suse linux 9.2
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    suse suse linux 10.0
    suse suse linux 9.3