CVE-2002-2061 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

3.4%

top 12.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Netscape Navigator

Timeline

PublishedDec 31

Latest updateApr 30

Description

Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmozilla/mozilla1.0

▶NVDnetscape/navigator6.2.3

Patches

Patch: bugzilla.mozilla.org ↗Patch: www.iss.net ↗Patch: www.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-p3vq-8pv9-cm7f: Heap-based buffer overflow in Netscape 6↗2022-04-30

▶

CVEList

CVE-2002-2061: Heap-based buffer overflow in Netscape 6↗2005-07-14

▶

📋Vendor Advisories

Red Hat

CVE-2002-2061: Heap-based buffer overflow in Netscape 6↗

▶