CVE-2002-2061
Published 2002-12-31
Priority P431 | high | 7.5 | CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 3.49% (87.7th percentile)
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | mozilla | <= 1.0 | — |
| netscape | navigator | — | — |
CVSS provenance
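| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 7.5 | HIGH | — |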
GHSA
GHSA-p3vq-8pv9-cm7f: Heap-based buffer overflow in Netscape 6
ghsa_unreviewed·2022-04-30
CVE-2002-2061 [HIGH] GHSA-p3vq-8pv9-cm7f: Heap-based buffer overflow in Netscape 6
Red Hat
CVE-2002-2061: Heap-based buffer overflow in Netscape 6
vendor_redhat·CVSS 7.5
CVE-2002-2061 [HIGH] CVE-2002-2061: Heap-based buffer overflow in Netscape 6
Statement: Not vulnerable. This issue did not affect the versions of Mozilla as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://bugzilla.mozilla.org/show_bug.cgi?id=157202
- http://www.iss.net/security_center/static/9287.php
- http://www.mandriva.com/security/advisories?name=MDKSA-2002:074
- http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html
Published: 2002-12-31