FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- multiple heap buffer overflows

Affected packages
		thunderbird	<	0.7.3_1
		firefox	<	0.9.3_1
		mozilla	<	1.7.2_2,2
1.8.a,2	<=	mozilla	<	1.8.a3_1,2
		mozilla-gtk1	<	1.7.2_3
		linux-mozilla	<	1.7.3
0	<=	linux-mozillafirebird

Details

VuXML ID	93d6162f-1153-11d9-bc4a-000c41e2cdad
Discovery	2004-09-13
Entry	2004-09-28

Several heap buffer overflows were discovered and fixed in the most recent versions of Mozilla, Firefox, and Thunderbird. These overflows may occur when:

Using the "Send Page" function.
Checking mail on a malicious POP3 server.
Processing non-ASCII URLs.

Each of these vulnerabilities may be exploited for remote code execution.

References

CVE Name	CVE-2004-0902
URL	http://bugzilla.mozilla.org/show_bug.cgi?id=226669
URL	http://bugzilla.mozilla.org/show_bug.cgi?id=245066
URL	http://bugzilla.mozilla.org/show_bug.cgi?id=256316
URL	http://bugzilla.mozilla.org/show_bug.cgi?id=258005
US-CERT Technical Cyber Security Alert	TA04-261A

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.