5

CVE-2005-0255

String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version1.0
MozillaMozilla Version1.7.3
MozillaThunderbird Version0.1
MozillaThunderbird Version0.2
MozillaThunderbird Version0.3
MozillaThunderbird Version0.4
MozillaThunderbird Version0.5
MozillaThunderbird Version0.6
MozillaThunderbird Version0.7
MozillaThunderbird Version0.8
MozillaThunderbird Version0.9
MozillaThunderbird Version1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.29% 0.898
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/19823
http://www.novell.com/linux/security/advisories/2006_04_25.html
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
Patch
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-176.html
http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/12659
http://www.idefense.com/application/poi/display?id=200&type=vulnerabilities
Patch
Vendor Advisory
http://www.mozilla.org/security/announce/mfsa2005-18.html
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-277.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-337.html
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100040
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9111