CVE-2004-0757 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

5 documents5 sources

Severity

10.0CRITICALNVD

EPSS

5.7%

top 9.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Mozilla Thunderbird

Timeline

PublishedAug 18

Latest updateMay 3

Description

Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDmozilla/firefox0.9

▶NVDmozilla/thunderbird0.7

▶NVDmozilla/mozilla1.7

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-ffvj-mxf9-q65v: Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1↗2022-05-03

▶

CVEList

CVE-2004-0757: Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1↗2004-08-03

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-07-22

▶

💬Community

Bugzilla

CVE-2004-0757 security flaw↗2018-08-16

▶