CVE-2005-0255 — Mozilla Firefox vulnerability

6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

8.0%

top 7.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Mozilla Thunderbird

Timeline

PublishedMay 2

Latest updateMay 1

Description

String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDmozilla/firefox1.0

▶NVDmozilla/thunderbird10 versions+9

▶NVDmozilla/mozilla1.7.3

Patches

Patch: www.gentoo.org ↗Patch: www.gentoo.org ↗Patch: www.idefense.com ↗

🔴Vulnerability Details

GHSA

GHSA-xg8v-4hxj-rcfg: String handling functions in Mozilla 1↗2022-05-01

▶

CVEList

CVE-2005-0255: String handling functions in Mozilla 1↗2005-02-28

▶

📋Vendor Advisories

Ubuntu

Ubuntu 4.10 update for Firefox vulnerabilities↗2005-07-28

▶

Red Hat

security flaw↗2005-02-28

▶

💬Community

Bugzilla

CVE-2005-0255 security flaw↗2018-08-16

▶