Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:561022
HistoryAug 20, 2004 - 12:00 a.m.

Mozilla contains a buffer overflow in the SendUidl() function

2004-08-2000:00:00
www.kb.cert.org
13

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.017 Low

EPSS

Percentile

87.5%

JSON

Overview

A vulnerability in the way Mozilla handles certain types of POP3 responses could allow a remote attacker to execute arbitrary code on an affected system.

Description

Post Office Protocol Version 3 (POP3) is a mail protocol that provides a means for retrieving email from a remote server. This protocol is supported by Mozilla, Firefox, and Thunderbird. These clients contain a vulnerability that allows malformed POP3 responses to trigger a buffer overflow condition in the SendUidl() function. Such responses can be sent by a remote POP3 server and could result in arbitrary code execution.

Impact

By sending a specially crafted POP3 response to an affected client, a remote attacker could cause the client to crash or potentially execute arbitrary code. Exploitation of this vulnerability would require a user to connect to a malicious POP3 server.

Solution

Upgrade

Upgrade as specified by your vendor. This issue has been resolved in Mozilla 1.7, Firefox 0.9, and Thunderbird 0.7.2.

Vendor Information

561022

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Mozilla Affected

Updated: August 20, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23561022 Feedback>).

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was reported by Zen Parse.

This document was written by Damon Morda.

Other Information

CVE IDs: CVE-2004-0757
Severity Metric: 2.70 Date Public:

Related

nessus 5
openvas 6
cve 1
freebsd 1
redhat 1
suse 7
slackware 1
nessus
nessus
FreeBSD : mozilla -- POP client heap overflow (116)
2004-09-16 00:00:00
FreeBSD : mozilla -- POP client heap overflow (c1d97a8b-05ed-11d9-b45d-000c41e2cdad)
2009-04-23 00:00:00
RHEL 2.1 / 3 : mozilla (RHSA-2004:421)
2004-08-05 00:00:00
openvas
openvas
FreeBSD Ports: mozilla
2008-09-04 00:00:00
FreeBSD Ports: mozilla
2008-09-04 00:00:00
SLES9: Security update for Mozilla
2009-10-10 00:00:00
cve
cve
CVE-2004-0757
2004-08-18 04:00:00
freebsd
freebsd
mozilla -- POP client heap overflow
2004-07-22 00:00:00
redhat
redhat
(RHSA-2004:421) mozilla security update
2004-08-04 00:00:00
suse
suse
remote DoS condition in apache2
2004-09-06 13:51:41
remote file disclosure in samba
2004-10-05 14:57:32
remote code execution in cups
2004-09-15 14:45:26
slackware
slackware
[slackware-security] Mozilla
2004-08-10 21:17:12

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.017 Low

EPSS

Percentile

87.5%

JSON
Related for VU:561022
nessus5openvas6cve1freebsd1redhat1suse7slackware1