ID CVE-2004-0903 Type cve Reporter cve@mitre.org Modified 2017-10-11T01:29:00
Description
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
{"openvas": [{"lastseen": "2017-07-02T21:10:14", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-10-04T00:00:00", "published": "2008-09-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=52369", "id": "OPENVAS:52369", "title": "FreeBSD Ports: thunderbird", "type": "openvas", "sourceData": "#\n#VID da690355-1159-11d9-bc4a-000c41e2cdad\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n thunderbird\n mozilla\n mozilla-gtk1\n linux-mozilla\n\nCVE-2004-0903\nStack-based buffer overflow in the writeGroup function in\nnsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla\nbefore 1.7.3, and Thunderbird before 0.8 allows remote attackers to\nexecute arbitrary code via malformed VCard attachments that are not\nproperly handled when previewing a message.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://bugzilla.mozilla.org/show_bug.cgi?id=257314\nhttp://www.vuxml.org/freebsd/da690355-1159-11d9-bc4a-000c41e2cdad.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52369);\n script_version(\"$Revision: 4203 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-10-04 07:30:30 +0200 (Tue, 04 Oct 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(11174);\n script_cve_id(\"CVE-2004-0903\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: thunderbird\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"thunderbird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.7.3_1\")<0) {\n txt += 'Package thunderbird version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mozilla\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.7.2_2,2\")<0) {\n txt += 'Package mozilla version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.8.a,2\")>=0 && revcomp(a:bver, b:\"1.8.a3_1,2\")<0) {\n txt += 'Package mozilla version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mozilla-gtk1\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.7.2_3\")<0) {\n txt += 'Package mozilla-gtk1 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-mozilla\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.7.3\")<0) {\n txt += 'Package linux-mozilla version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:18", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-irc\n mozilla-venkman\n mozilla\n mozilla-calendar\n mozilla-mail\n mozilla-dom-inspector\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5012017 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65278", "id": "OPENVAS:65278", "title": "SLES9: Security update for Mozilla", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5012017.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Mozilla\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-irc\n mozilla-venkman\n mozilla\n mozilla-calendar\n mozilla-mail\n mozilla-dom-inspector\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5012017 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65278);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2004-0902\", \"CVE-2004-0903\", \"CVE-2004-0904\", \"CVE-2004-0905\", \"CVE-2004-0906\", \"CVE-2004-0908\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Mozilla\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla-irc\", rpm:\"mozilla-irc~1.6~74.14\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:34", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-irc\n mozilla-venkman\n mozilla\n mozilla-calendar\n mozilla-mail\n mozilla-dom-inspector\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5012017 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065278", "id": "OPENVAS:136141256231065278", "title": "SLES9: Security update for Mozilla", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5012017.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Mozilla\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-irc\n mozilla-venkman\n mozilla\n mozilla-calendar\n mozilla-mail\n mozilla-dom-inspector\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5012017 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65278\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2004-0902\", \"CVE-2004-0903\", \"CVE-2004-0904\", \"CVE-2004-0905\", \"CVE-2004-0906\", \"CVE-2004-0908\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Mozilla\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla-irc\", rpm:\"mozilla-irc~1.6~74.14\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:44", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200409-26.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=54682", "id": "OPENVAS:54682", "title": "Gentoo Security Advisory GLSA 200409-26 (Mozilla)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New releases of Mozilla, Epiphany, Mozilla Thunderbird, and Mozilla Firefox\nfix several vulnerabilities, including the remote execution of arbitrary\ncode.\";\ntag_solution = \"All users should upgrade to the latest stable version:\n\n # emerge sync\n\n # emerge -pv your-version\n # emerge your-version\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200409-26\nhttp://bugs.gentoo.org/show_bug.cgi?id=63996\nhttp://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3\nhttp://www.us-cert.gov/cas/techalerts/TA04-261A.html\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200409-26.\";\n\n \n\nif(description)\n{\n script_id(54682);\n script_cve_id(\"CVE-2004-0902\",\"CVE-2004-0903\",\"CVE-2004-0904\",\"CVE-2004-0905\",\"CVE-2004-0906\",\"CVE-2004-0907\",\"CVE-2004-0908\",\"CVE-2004-0909\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_name(\"Gentoo Security Advisory GLSA 200409-26 (Mozilla)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-www/mozilla\", unaffected: make_list(\"ge 1.7.3\"), vulnerable: make_list(\"lt 1.7.3\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"net-www/mozilla-firefox\", unaffected: make_list(\"ge 1.0_pre\"), vulnerable: make_list(\"lt 1.0_pre\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"mail-client/mozilla-thunderbird\", unaffected: make_list(\"ge 0.8\"), vulnerable: make_list(\"lt 0.8\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"net-www/mozilla-bin\", unaffected: make_list(\"ge 1.7.3\"), vulnerable: make_list(\"lt 1.7.3\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"net-www/mozilla-firefox-bin\", unaffected: make_list(\"ge 1.0_pre\"), vulnerable: make_list(\"lt 1.0_pre\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"mail-client/mozilla-thunderbird-bin\", unaffected: make_list(\"ge 0.8\"), vulnerable: make_list(\"lt 0.8\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"net-www/epiphany\", unaffected: make_list(\"ge 1.2.9-r1\"), vulnerable: make_list(\"lt 1.2.9-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:05", "bulletinFamily": "software", "description": "## Vulnerability Description\nA local overflow exists in Mozilla-based applications and Netscape Navigator. The writegroup() function of the nsVCardObj.cpp component fails to ensure parameters with group properties (eg, TEL.HOME) are an acceptable length, resulting in a stack-based overflow. With a specially crafted vCard, an attacker can cause a denial of service condition, and possibly code execution, resulting in a loss of availability and integrity.\n## Solution Description\nFor Mozilla.org products, upgrade to Mozilla 1.7.3, Firefox 1.0PR, Thunderbird 0.8 or higher, as these have been confirmed to fix this vulnerability. An upgrade is required as there are no known workarounds.\n\nFor Netscape products, there are currently no known upgrades or patches available to correct this issue. It is possible to mitigate the flaw by disabling the preview pane in Netscape Mail & News. This will help avoid automatic exploitation upon receiving a malicious vCard; however, it will not prevent exploitation if the malicious vCard is viewed via a Netscape product by some other method, such as opening the message normally.\n## Short Description\nA local overflow exists in Mozilla-based applications and Netscape Navigator. The writegroup() function of the nsVCardObj.cpp component fails to ensure parameters with group properties (eg, TEL.HOME) are an acceptable length, resulting in a stack-based overflow. With a specially crafted vCard, an attacker can cause a denial of service condition, and possibly code execution, resulting in a loss of availability and integrity.\n## References:\nVendor URL: http://www.mozilla.org/\n[Vendor Specific Advisory URL](http://bugzilla.mozilla.org/show_bug.cgi?id=257314)\nSecurity Tracker: 1011317\nSecurity Tracker: 1011316\nSecurity Tracker: 1011318\n[Secunia Advisory ID:12526](https://secuniaresearch.flexerasoftware.com/advisories/12526/)\n[Secunia Advisory ID:12535](https://secuniaresearch.flexerasoftware.com/advisories/12535/)\n[Secunia Advisory ID:12698](https://secuniaresearch.flexerasoftware.com/advisories/12698/)\n[Secunia Advisory ID:12742](https://secuniaresearch.flexerasoftware.com/advisories/12742/)\n[Secunia Advisory ID:12607](https://secuniaresearch.flexerasoftware.com/advisories/12607/)\n[Secunia Advisory ID:12747](https://secuniaresearch.flexerasoftware.com/advisories/12747/)\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200409-26.xml\nOther Advisory URL: http://www.suse.de/de/security/2004_36_mozilla.html\nOther Advisory URL: http://rhn.redhat.com/errata/RHSA-2004-486.html\n[CVE-2004-0903](https://vulners.com/cve/CVE-2004-0903)\n", "modified": "2004-08-29T15:51:00", "published": "2004-08-29T15:51:00", "href": "https://vulners.com/osvdb/OSVDB:9966", "id": "OSVDB:9966", "type": "osvdb", "title": "Mozilla Multiple Product nsVCardObj.cpp writeGroup() Function Overflow", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:08:41", "bulletinFamily": "scanner", "description": "Georgi Guninski discovered a stack-based buffer overflow which may be triggered when viewing email messages with vCard attachments.", "modified": "2018-11-23T00:00:00", "id": "FREEBSD_PKG_DA690355115911D9BC4A000C41E2CDAD.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19141", "published": "2005-07-13T00:00:00", "title": "FreeBSD : mozilla -- vCard stack buffer overflow (da690355-1159-11d9-bc4a-000c41e2cdad)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19141);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/11/23 12:49:57\");\n\n script_cve_id(\"CVE-2004-0903\");\n script_xref(name:\"CERT\", value:\"414240\");\n\n script_name(english:\"FreeBSD : mozilla -- vCard stack buffer overflow (da690355-1159-11d9-bc4a-000c41e2cdad)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Georgi Guninski discovered a stack-based buffer overflow which may be\ntriggered when viewing email messages with vCard attachments.\"\n );\n # http://bugzilla.mozilla.org/show_bug.cgi?id=257314\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=257314\"\n );\n # http://www.uscert.gov/cas/techalerts/TA04-261A.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2812f5e4\"\n );\n # https://vuxml.freebsd.org/freebsd/da690355-1159-11d9-bc4a-000c41e2cdad.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7c235cba\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mozilla-gtk1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<0.7.3_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mozilla<1.7.2_2,2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mozilla>=1.8.a,2<1.8.a3_1,2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mozilla-gtk1<1.7.2_3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-mozilla<1.7.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:08:06", "bulletinFamily": "scanner", "description": "The remote host is using Mozilla and/or Thunderbird, an alternative mail user agent.\n\nThe remote version of this software is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host.\n\nTo exploit these flaws, an attacker would need to send a rogue email to a victim on the remote host.", "modified": "2018-08-22T00:00:00", "id": "THUNDERBIRD_MULTIPLE_FLAWS.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=14729", "published": "2004-09-15T00:00:00", "title": "Mozilla < 1.7.3 / Thunderbird < 0.8 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(14729);\n script_version(\"1.20\");\n script_cve_id(\"CVE-2004-0902\", \"CVE-2004-0903\", \"CVE-2004-0904\");\n script_bugtraq_id(11174, 11171, 11170);\n\n script_name(english:\"Mozilla < 1.7.3 / Thunderbird < 0.8 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application that is affected by \nmultiple flaws.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is using Mozilla and/or Thunderbird, an \nalternative mail user agent.\n\nThe remote version of this software is vulnerable to \nseveral flaws that could allow an attacker to execute \narbitrary code on the remote host.\n\nTo exploit these flaws, an attacker would need to send a \nrogue email to a victim on the remote host.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla 1.7.3 or Thunderbird 0.8 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/09/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/08/29\");\n script_cvs_date(\"Date: 2018/08/22 16:49:14\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\",value:\"cpe:/a:mozilla:mozilla\");\nscript_set_attribute(attribute:\"cpe\",value:\"cpe:/a:mozilla:thunderbird\");\nscript_end_attributes();\n\n script_summary(english:\"Determines the version of Mozilla\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Windows\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n exit(0);\n}\n\n#\n\ninclude(\"misc_func.inc\");\n\n\nver = read_version_in_kb(\"Mozilla/Version\");\nif (!isnull(ver))\n{\n if (\n ver[0] < 1 ||\n (\n ver[0] == 1 &&\n (\n ver[1] < 7 ||\n (ver[1] == 7 && ver[2] < 3)\n )\n )\n ) security_hole(get_kb_item(\"SMB/transport\"));\n}\n\nver = read_version_in_kb(\"Mozilla/Thunderbird/Version\");\nif (!isnull(ver))\n{\n if (ver[0] == 0 && ver[1] < 8)\n security_hole(get_kb_item(\"SMB/transport\"));\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:08:13", "bulletinFamily": "scanner", "description": "Updated mozilla packages that fix a number of security issues are now available.\n\nMozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.\n\nJesse Ruderman discovered a cross-domain scripting bug in Mozilla. If a user is tricked into dragging a JavaScript link into another frame or page, it becomes possible for an attacker to steal or modify sensitive information from that site. Additionally, if a user is tricked into dragging two links in sequence to another window (not frame), it is possible for the attacker to execute arbitrary commands.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0905 to this issue.\n\nGael Delalleau discovered an integer overflow which affects the BMP handling code inside Mozilla. An attacker could create a carefully crafted BMP file in such a way that it would cause Mozilla to crash or execute arbitrary code when the image is viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0904 to this issue.\n\nGeorgi Guninski discovered a stack-based buffer overflow in the vCard display routines. An attacker could create a carefully crafted vCard file in such a way that it would cause Mozilla to crash or execute arbitrary code when viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0903 to this issue.\n\nWladimir Palant discovered a flaw in the way JavaScript interacts with the clipboard. It is possible that an attacker could use malicious JavaScript code to steal sensitive data which has been copied into the clipboard. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0908 to this issue.\n\nGeorgi Guninski discovered a heap based buffer overflow in the 'Send Page' feature. It is possible that an attacker could construct a link in such a way that a user attempting to forward it could result in a crash or arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0902 to this issue.\n\nUsers of Mozilla should update to these updated packages, which contain backported patches and are not vulnerable to these issues.", "modified": "2018-12-20T00:00:00", "id": "REDHAT-RHSA-2004-486.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=15409", "published": "2004-10-02T00:00:00", "title": "RHEL 2.1 / 3 : mozilla (RHSA-2004:486)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2004:486. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15409);\n script_version (\"1.25\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2004-0902\", \"CVE-2004-0903\", \"CVE-2004-0904\", \"CVE-2004-0905\", \"CVE-2004-0908\");\n script_xref(name:\"RHSA\", value:\"2004:486\");\n script_xref(name:\"Secunia\", value:\"12526\");\n\n script_name(english:\"RHEL 2.1 / 3 : mozilla (RHSA-2004:486)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mozilla packages that fix a number of security issues are now\navailable.\n\nMozilla is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nJesse Ruderman discovered a cross-domain scripting bug in Mozilla. If\na user is tricked into dragging a JavaScript link into another frame\nor page, it becomes possible for an attacker to steal or modify\nsensitive information from that site. Additionally, if a user is\ntricked into dragging two links in sequence to another window (not\nframe), it is possible for the attacker to execute arbitrary commands.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2004-0905 to this issue.\n\nGael Delalleau discovered an integer overflow which affects the BMP\nhandling code inside Mozilla. An attacker could create a carefully\ncrafted BMP file in such a way that it would cause Mozilla to crash or\nexecute arbitrary code when the image is viewed. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2004-0904 to this issue.\n\nGeorgi Guninski discovered a stack-based buffer overflow in the vCard\ndisplay routines. An attacker could create a carefully crafted vCard\nfile in such a way that it would cause Mozilla to crash or execute\narbitrary code when viewed. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2004-0903 to this\nissue.\n\nWladimir Palant discovered a flaw in the way JavaScript interacts with\nthe clipboard. It is possible that an attacker could use malicious\nJavaScript code to steal sensitive data which has been copied into the\nclipboard. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2004-0908 to this issue.\n\nGeorgi Guninski discovered a heap based buffer overflow in the 'Send\nPage' feature. It is possible that an attacker could construct a link\nin such a way that a user attempting to forward it could result in a\ncrash or arbitrary code execution. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CVE-2004-0902\nto this issue.\n\nUsers of Mozilla should update to these updated packages, which\ncontain backported patches and are not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0908\"\n );\n # http://www.mozilla.org/projects/security/known-vulnerabilities.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/known-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2004:486\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/10/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(2\\.1|3)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2004:486\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"galeon-1.2.13-5.2.1\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-1.4.3-2.1.4\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-chat-1.4.3-2.1.4\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-devel-1.4.3-2.1.4\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-dom-inspector-1.4.3-2.1.4\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-js-debugger-1.4.3-2.1.4\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-mail-1.4.3-2.1.4\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-nspr-1.4.3-2.1.4\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-nspr-devel-1.4.3-2.1.4\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-nss-1.4.3-2.1.4\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-nss-devel-1.4.3-2.1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-1.4.3-3.0.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-chat-1.4.3-3.0.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-devel-1.4.3-3.0.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-dom-inspector-1.4.3-3.0.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-js-debugger-1.4.3-3.0.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-mail-1.4.3-3.0.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-nspr-1.4.3-3.0.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-nspr-devel-1.4.3-3.0.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-nss-1.4.3-3.0.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-nss-devel-1.4.3-3.0.4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"galeon / mozilla / mozilla-chat / mozilla-devel / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:08:06", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200409-26 (Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities)\n\n Mozilla-based products are vulnerable to multiple security issues.\n Firstly, routines handling the display of BMP images and VCards contain an integer overflow and a stack buffer overrun. Specific pages with long links, when sent using the 'Send Page' function, and links with non-ASCII hostnames could both cause heap buffer overruns.\n Several issues were found and fixed in JavaScript rights handling:\n untrusted script code could read and write to the clipboard, signed scripts could build confusing grant privileges dialog boxes, and when dragged onto trusted frames or windows, JavaScript links could access information and rights of the target frame or window. Finally, Mozilla-based mail clients (Mozilla and Mozilla Thunderbird) are vulnerable to a heap overflow caused by invalid POP3 mail server responses.\n Impact :\n\n An attacker might be able to run arbitrary code with the rights of the user running the software by enticing the user to perform one of the following actions: view a specially crafted BMP image or VCard, use the 'Send Page' function on a malicious page, follow links with malicious hostnames, drag multiple JavaScript links in a row to another window, or connect to an untrusted POP3 mail server. An attacker could also use a malicious page with JavaScript to disclose clipboard contents or abuse previously-given privileges to request XPI installation privileges through a confusing dialog.\n Workaround :\n\n There is no known workaround covering all vulnerabilities.", "modified": "2018-12-18T00:00:00", "id": "GENTOO_GLSA-200409-26.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=14781", "published": "2004-09-21T00:00:00", "title": "GLSA-200409-26 : Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200409-26.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14781);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/12/18 10:18:58\");\n\n script_cve_id(\"CVE-2004-0902\", \"CVE-2004-0903\", \"CVE-2004-0904\", \"CVE-2004-0905\", \"CVE-2004-0906\", \"CVE-2004-0907\", \"CVE-2004-0908\", \"CVE-2004-0909\");\n script_xref(name:\"GLSA\", value:\"200409-26\");\n\n script_name(english:\"GLSA-200409-26 : Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200409-26\n(Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities)\n\n Mozilla-based products are vulnerable to multiple security issues.\n Firstly, routines handling the display of BMP images and VCards contain\n an integer overflow and a stack buffer overrun. Specific pages with\n long links, when sent using the 'Send Page' function, and links with\n non-ASCII hostnames could both cause heap buffer overruns.\n Several issues were found and fixed in JavaScript rights handling:\n untrusted script code could read and write to the clipboard, signed\n scripts could build confusing grant privileges dialog boxes, and when\n dragged onto trusted frames or windows, JavaScript links could access\n information and rights of the target frame or window. Finally,\n Mozilla-based mail clients (Mozilla and Mozilla Thunderbird) are\n vulnerable to a heap overflow caused by invalid POP3 mail server\n responses.\n \nImpact :\n\n An attacker might be able to run arbitrary code with the rights of the\n user running the software by enticing the user to perform one of the\n following actions: view a specially crafted BMP image or VCard, use the\n 'Send Page' function on a malicious page, follow links with malicious\n hostnames, drag multiple JavaScript links in a row to another window,\n or connect to an untrusted POP3 mail server. An attacker could also use\n a malicious page with JavaScript to disclose clipboard contents or\n abuse previously-given privileges to request XPI installation\n privileges through a confusing dialog.\n \nWorkaround :\n\n There is no known workaround covering all vulnerabilities.\"\n );\n # http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e445b231\"\n );\n # http://www.us-cert.gov/cas/techalerts/TA04-261A.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.us-cert.gov/ncas/alerts/ta04-261a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200409-26\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All users should upgrade to the latest stable version:\n # emerge sync\n # emerge -pv your-version\n # emerge your-version\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-firefox-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/mozilla-firefox-bin\", unaffected:make_list(\"ge 1.0_pre\"), vulnerable:make_list(\"lt 1.0_pre\"))) flag++;\nif (qpkg_check(package:\"mail-client/mozilla-thunderbird-bin\", unaffected:make_list(\"ge 0.8\"), vulnerable:make_list(\"lt 0.8\"))) flag++;\nif (qpkg_check(package:\"www-client/mozilla\", unaffected:make_list(\"ge 1.7.3\"), vulnerable:make_list(\"lt 1.7.3\"))) flag++;\nif (qpkg_check(package:\"www-client/epiphany\", unaffected:make_list(\"ge 1.2.9-r1\"), vulnerable:make_list(\"lt 1.2.9-r1\"))) flag++;\nif (qpkg_check(package:\"www-client/mozilla-bin\", unaffected:make_list(\"ge 1.7.3\"), vulnerable:make_list(\"lt 1.7.3\"))) flag++;\nif (qpkg_check(package:\"mail-client/mozilla-thunderbird\", unaffected:make_list(\"ge 0.8\"), vulnerable:make_list(\"lt 0.8\"))) flag++;\nif (qpkg_check(package:\"www-client/mozilla-firefox\", unaffected:make_list(\"ge 1.0_pre\"), vulnerable:make_list(\"lt 1.0_pre\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla / Firefox / Thunderbird / Epiphany\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:08:14", "bulletinFamily": "scanner", "description": "A number of vulnerabilities were fixed in mozilla 1.7.3, the following of which have been backported to mozilla packages for Mandrakelinux 10.0 :\n\n - 'Send page' heap overrun\n\n - JavaScript clipboard access\n\n - buffer overflow when displaying VCard\n\n - BMP integer overflow\n\n - javascript: link dragging\n\n - Malicious POP3 server III\n\nThe details of all of these vulnerabilities are available from the Mozilla website.", "modified": "2018-07-19T00:00:00", "id": "MANDRAKE_MDKSA-2004-107.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=15521", "published": "2004-10-20T00:00:00", "title": "Mandrake Linux Security Advisory : mozilla (MDKSA-2004:107)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2004:107. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15521);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2018/07/19 20:59:13\");\n\n script_cve_id(\"CVE-2004-0902\", \"CVE-2004-0903\", \"CVE-2004-0904\", \"CVE-2004-0905\", \"CVE-2004-0906\", \"CVE-2004-0908\", \"CVE-2004-0909\");\n script_xref(name:\"MDKSA\", value:\"2004:107\");\n\n script_name(english:\"Mandrake Linux Security Advisory : mozilla (MDKSA-2004:107)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of vulnerabilities were fixed in mozilla 1.7.3, the following\nof which have been backported to mozilla packages for Mandrakelinux\n10.0 :\n\n - 'Send page' heap overrun\n\n - JavaScript clipboard access\n\n - buffer overflow when displaying VCard\n\n - BMP integer overflow\n\n - javascript: link dragging\n\n - Malicious POP3 server III\n\nThe details of all of these vulnerabilities are available from the\nMozilla website.\"\n );\n # http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e445b231\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nspr4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nspr4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nss3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nss3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnspr4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnspr4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnss3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnss3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-enigmime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-spellchecker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/10/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64nspr4-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64nspr4-devel-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64nss3-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64nss3-devel-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libnspr4-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libnspr4-devel-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libnss3-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libnss3-devel-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-devel-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-dom-inspector-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-enigmail-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-enigmime-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-irc-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-js-debugger-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-mail-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-spellchecker-1.6-12.2.100mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:35:11", "bulletinFamily": "unix", "description": "\nGeorgi Guninski discovered a stack buffer overflow which\n\t may be triggered when viewing email messages with vCard\n\t attachments.\n", "modified": "2004-09-30T00:00:00", "published": "2004-09-13T00:00:00", "id": "DA690355-1159-11D9-BC4A-000C41E2CDAD", "href": "https://vuxml.freebsd.org/freebsd/da690355-1159-11d9-bc4a-000c41e2cdad.html", "title": "mozilla -- vCard stack buffer overflow", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:44:39", "bulletinFamily": "unix", "description": "Mozilla is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nJesse Ruderman discovered a cross-domain scripting bug in Mozilla. If\na user is tricked into dragging a javascript link into another frame or\npage, it becomes possible for an attacker to steal or modify sensitive\ninformation from that site. Additionally, if a user is tricked into\ndragging two links in sequence to another window (not frame), it is\npossible for the attacker to execute arbitrary commands. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0905 to this issue.\n\nGael Delalleau discovered an integer overflow which affects the BMP\nhandling code inside Mozilla. An attacker could create a carefully crafted\nBMP file in such a way that it would cause Mozilla to crash or execute\narbitrary code when the image is viewed. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0904 to\nthis issue.\n\nGeorgi Guninski discovered a stack-based buffer overflow in the vCard\ndisplay routines. An attacker could create a carefully crafted vCard file\nin such a way that it would cause Mozilla to crash or execute arbitrary\ncode when viewed. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0903 to this issue.\n\nWladimir Palant discovered a flaw in the way javascript interacts with\nthe clipboard. It is possible that an attacker could use malicious\njavascript code to steal sensitive data which has been copied into the\nclipboard. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0908 to this issue.\n\nGeorgi Guninski discovered a heap based buffer overflow in the \"Send\nPage\" feature. It is possible that an attacker could construct a link in\nsuch a way that a user attempting to forward it could result in a crash or\narbitrary code execution. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0902 to this issue.\n\nUsers of Mozilla should update to these updated packages, which contain\nbackported patches and are not vulnerable to these issues.", "modified": "2019-03-22T23:43:43", "published": "2004-09-30T04:00:00", "id": "RHSA-2004:486", "href": "https://access.redhat.com/errata/RHSA-2004:486", "type": "redhat", "title": "(RHSA-2004:486) mozilla security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:42", "bulletinFamily": "unix", "description": "### Background\n\nMozilla is a popular web browser that includes a mail and newsreader. Epiphany is a web browser that uses Gecko, the Mozilla rendering engine. Mozilla Firefox and Mozilla Thunderbird are respectively the next-generation browser and mail client from the Mozilla project. \n\n### Description\n\nMozilla-based products are vulnerable to multiple security issues. Firstly routines handling the display of BMP images and VCards contain an integer overflow and a stack buffer overrun. Specific pages with long links, when sent using the \"Send Page\" function, and links with non-ASCII hostnames could both cause heap buffer overruns. \n\nSeveral issues were found and fixed in JavaScript rights handling: untrusted script code could read and write to the clipboard, signed scripts could build confusing grant privileges dialog boxes, and when dragged onto trusted frames or windows, JavaScript links could access information and rights of the target frame or window. Finally, Mozilla-based mail clients (Mozilla and Mozilla Thunderbird) are vulnerable to a heap overflow caused by invalid POP3 mail server responses. \n\n### Impact\n\nAn attacker might be able to run arbitrary code with the rights of the user running the software by enticing the user to perform one of the following actions: view a specially-crafted BMP image or VCard, use the \"Send Page\" function on a malicious page, follow links with malicious hostnames, drag multiple JavaScript links in a row to another window, or connect to an untrusted POP3 mail server. An attacker could also use a malicious page with JavaScript to disclose clipboard contents or abuse previously-given privileges to request XPI installation privileges through a confusing dialog. \n\n### Workaround\n\nThere is no known workaround covering all vulnerabilities. \n\n### Resolution\n\nAll users should upgrade to the latest stable version: \n \n \n # emerge sync\n \n # emerge -pv your-version\n # emerge your-version", "modified": "2007-12-30T00:00:00", "published": "2004-09-20T00:00:00", "id": "GLSA-200409-26", "href": "https://security.gentoo.org/glsa/200409-26", "type": "gentoo", "title": "Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-04-13T01:00:44", "bulletinFamily": "unix", "description": "During the last months a number of security problems have been fixed in Mozilla and Mozilla based brwosers. These include:\n#### Solution\nSince there is no workaround, we recommend an update in any case if you use the mozilla browser.", "modified": "2004-10-06T13:11:21", "published": "2004-10-06T13:11:21", "id": "SUSE-SA:2004:036", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-10/msg00006.html", "title": "various vulnerabilities in mozilla", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
