Executive Summary

Information
Name: CVE-2004-0902
First vendor Publication: 2005-01-27
Vendor: Cve
Last vendor Modification: 2018-05-03

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability SubScore: NA
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Base Score: 10
Attack Range: Network
CVSS Impact Score: 10
Attack Complexity: Low
CVSS Exploit Score: 10
Authentication: None Required

Detail

Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0902

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11201
 
Oval ID: oval:org.mitre.oval:def:11201
Title: Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.
Description: Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.
Family: unix
Class: vulnerability
Reference(s): CVE-2004-0902
Version: 5
Platform(s): Red Hat Enterprise Linux 3, CentOS Linux 3
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 3
Application 4
Os 2
Os 9
Os 1
Os 1
Os 4
Os 2
Os 8

OpenVAS Exploits

Date Description
2009-10-10 Name : SLES9: Security update for Mozilla
File : nvt/sles9p5012017.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200409-26 (Mozilla)
File : nvt/glsa_200409_26.nasl
2008-09-04 Name : FreeBSD Ports: thunderbird
File : nvt/freebsd_thunderbird5.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
10528 Mozilla Multiple Products Link non-ASCII Hostname Overflow

10527 Mozilla Multiple Products POP3 Response Overflow

10526 Mozilla Multiple Products Send Page Overflow

9968 Mozilla Multiple Products nsMsgCompUtils.cpp Multiple Overflows

A local overflow exists in Mozilla, Firefox and Thunderbird. The Send Page function fails to validate input received from the page to be sent, resulting in a heap overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

Snort® IPS/IDS

Date Description
2018-01-17 Mozilla Firefox buffer overflow attempt
RuleID : 45172 - Revision : 1 - Type : BROWSER-FIREFOX
2018-01-17 Mozilla Firefox buffer overflow attempt
RuleID : 45171 - Revision : 1 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date Description
2005-07-13 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_93d6162f115311d9bc4a000c41e2cdad.nasl - Type : ACT_GATHER_INFO
2004-10-20 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2004-107.nasl - Type : ACT_GATHER_INFO
2004-10-02 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2004-486.nasl - Type : ACT_GATHER_INFO
2004-09-21 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200409-26.nasl - Type : ACT_GATHER_INFO
2004-09-15 Name : The remote host has an application that is affected by multiple flaws.
File : thunderbird_multiple_flaws.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CERT http://www.us-cert.gov/cas/techalerts/TA04-261A.html
CONFIRM http://bugzilla.mozilla.org/show_bug.cgi?id=226669
http://bugzilla.mozilla.org/show_bug.cgi?id=245066
http://bugzilla.mozilla.org/show_bug.cgi?id=256316
http://bugzilla.mozilla.org/show_bug.cgi?id=258005
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
FEDORA http://marc.info/?l=bugtraq&m=109900315219363&w=2
GENTOO http://security.gentoo.org/glsa/glsa-200409-26.xml
HP http://marc.info/?l=bugtraq&m=109698896104418&w=2
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SUSE http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/17378
https://exchange.xforce.ibmcloud.com/vulnerabilities/17379

Alert History

Date Information
2021-05-04 12:02:25
  • Multiple Updates
2021-04-22 01:02:34
  • Multiple Updates
2020-05-23 00:15:54
  • Multiple Updates
2019-06-25 12:01:01
  • Multiple Updates
2018-05-03 09:19:26
  • Multiple Updates
2017-07-11 12:01:31
  • Multiple Updates
2016-10-18 12:01:23
  • Multiple Updates
2016-04-26 12:54:01
  • Multiple Updates
2014-02-17 10:28:06
  • Multiple Updates
2013-05-11 11:43:17
  • Multiple Updates