10

CVE-2004-0904

EPSS 31.75%
Published 31.12.2004 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.

Affected products Warnungen 0 Metrics 2 CWE 0 References 14

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version0.8

Mozilla ≫ Firefox Version0.9

Mozilla ≫ Firefox Version0.9 Updaterc

Mozilla ≫ Firefox Version0.9.1

Mozilla ≫ Firefox Version0.9.2

Mozilla ≫ Firefox Version0.9.3

Mozilla ≫ Mozilla Version1.7

Mozilla ≫ Mozilla Version1.7 Updaterc3

Mozilla ≫ Mozilla Version1.7.1

Mozilla ≫ Mozilla Version1.7.2

Mozilla ≫ Thunderbird Version0.6

Mozilla ≫ Thunderbird Version0.7

Mozilla ≫ Thunderbird Version0.7.1

Mozilla ≫ Thunderbird Version0.7.2

Mozilla ≫ Thunderbird Version0.7.3

Netscape ≫ Navigator Version7.0

Netscape ≫ Navigator Version7.0.2

Netscape ≫ Navigator Version7.1

Netscape ≫ Navigator Version7.2

Conectiva ≫ Linux Version9.0

Conectiva ≫ Linux Version10.0

Redhat ≫ Enterprise Linux Version2.1 Editionadvanced_server

Redhat ≫ Enterprise Linux Version2.1 Editionadvanced_server_ia64

Redhat ≫ Enterprise Linux Version2.1 Editionenterprise_server

Redhat ≫ Enterprise Linux Version2.1 Editionenterprise_server_ia64

Redhat ≫ Enterprise Linux Version2.1 Editionworkstation

Redhat ≫ Enterprise Linux Version2.1 Editionworkstation_ia64

Redhat ≫ Enterprise Linux Version3.0 Editionadvanced_server

Redhat ≫ Enterprise Linux Version3.0 Editionenterprise_server

Redhat ≫ Enterprise Linux Version3.0 Editionworkstation_server

Redhat ≫ Enterprise Linux Desktop Version3.0

Redhat ≫ Fedora Core Versioncore_1.0

Redhat ≫ Linux Version7.3

Redhat ≫ Linux Version7.3 Editioni386

Redhat ≫ Linux Version7.3 Editioni686

Redhat ≫ Linux Version9.0 Editioni386

Redhat ≫ Linux Advanced Workstation Version2.1 Editionia64

Redhat ≫ Linux Advanced Workstation Version2.1 Editionitanium_processor

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	31.75%	0.966

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

http://marc.info/?l=bugtraq&m=109900315219363&w=2

http://www.novell.com/linux/security/advisories/2004_36_mozilla.html

http://marc.info/?l=bugtraq&m=109698896104418&w=2

http://security.gentoo.org/glsa/glsa-200409-26.xml

http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3

http://www.us-cert.gov/cas/techalerts/TA04-261A.html

US Government Resource

http://bugzilla.mozilla.org/show_bug.cgi?id=255067

Vendor Advisory

http://www.kb.cert.org/vuls/id/847200

Third Party Advisory

US Government Resource

http://www.securityfocus.com/bid/11171

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/17381

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952

https://nvd.nist.gov/vuln/detail/CVE-2004-0904

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-0904

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-0904

EUVD