CVE-2005-0399 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

8 documents6 sources

Severity

5.1MEDIUMNVD

EPSS

41.3%

top 2.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Mozilla Thunderbird

Timeline

PublishedMay 2

Latest updateMay 3

Description

Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages3 packages

▶NVDmozilla/firefox9 versions+8

▶NVDmozilla/thunderbird14 versions+13

▶NVDmozilla/mozilla11 versions+10

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-x75c-2774-mpv3: Heap-based buffer overflow in GIF2↗2022-05-03

▶

CVEList

CVE-2005-0399: Heap-based buffer overflow in GIF2↗2005-03-24

▶

📋Vendor Advisories

Ubuntu

Ubuntu 4.10 update for Firefox vulnerabilities↗2005-07-28

▶

Red Hat

security flaw↗2005-03-23

▶

Red Hat

tar archive path traversal issue↗2003-07-21

▶

💬Community

Bugzilla

CVE-2005-0399 security flaw↗2018-08-16

▶

Bugzilla

Multiple tar issues (CVE-2005-1918, CVE-2006-0300)↗2006-03-02

▶