Sep 17th, 2004

Seek, and You Shall Find - vulnerabilities

http://www.us-cert.gov/cas/techalerts/TA04-261A.html


Multiple vulnerabilities in Mozilla products

Original release date: September 17, 2004
Last revised: --
Source: US-CERT

Systems Affected

Mozilla software, including the following:
  • Mozilla web browser, email and newsgroup client
  • Firefox web browser
  • Thunderbird email client

Overview

Several vulnerabilities exist in the Mozilla web browser and derived products, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system.

I. Description

Several vulnerabilities have been reported in the Mozilla web browser and derived products. More detailed information is available in the individual vulnerability notes:

VU#414240 - Mozilla Mail vulnerable to buffer overflow via writeGroup() function in nsVCardObj.cpp

Mozilla Mail contains a stack overflow vulnerability in the display routines for VCards. By sending an email message with a crafted VCard, a remote attacker may be able to execute arbitrary code on the victim's machine with the privileges of the current user. This can be exploited in the preview mode as well.

VU#847200 - Mozilla contains integer overflows in bitmap image decoder

A vulnerability in the way Mozilla and its derived programs handle certain bitmap images could allow a remote attacker to execute arbitrary code on a vulnerable system.

VU#808216 - Mozilla contains heap overflow in UTF8 conversion of hostname portion of URLs

A vulnerability in the way Mozilla and its derived programs handle certain malformed URLs could allow a remote attacker to execute arbitrary code on a vulnerable system.

VU#125776 - Multiple buffer overflows in Mozilla POP3 protocol handler

There are multiple buffer overflow vulnerabilities in the Mozilla POP3 protocol handler that could allow a malicious POP3 server to execute arbitrary code on the affected system.

VU#327560 - Mozilla "send page" feature contains a buffer overflow vulnerability

There is a buffer overflow vulnerability in the Mozilla "send page" feature that could allow a remote attacker to execute arbitrary code.

VU#651928 - Mozilla allows arbitrary code execution via link dragging

A vulnerability affecting Mozilla web browsers may allow violation of cross-domain scripting policies and possibly execute code originating from a remote source.
! !