Description
Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.
Product(s):
- Mozilla Mozilla 1.7.1
- Mozilla Mozilla 1.7.2
- Mozilla Mozilla 1.7
- Mozilla Mozilla 1.7 alpha
- Mozilla Mozilla 1.7 beta
- Mozilla Mozilla 1.7 rc1
- Mozilla Mozilla 1.7 rc2
- Mozilla Mozilla 1.7 rc3
- Mozilla Thunderbird 0.7.1
- Mozilla Thunderbird 0.7.2
- Mozilla Thunderbird 0.7.3
- Mozilla Thunderbird 0.7
- Mozilla Thunderbird 0.7 Release Candidate
- Conectiva Linux 10.0
- Conectiva Linux 9.0
- Red Hat Enterprise Linux 2.1 Advanced Server
- Red Hat Enterprise Linux 2.1 Advanced Server IA64
- Red Hat Enterprise Linux 2.1 Enterprise Server
- Red Hat Enterprise Linux 2.1 Enterprise Server IA64
- Red Hat Enterprise Linux 2.1 Workstation
- Red Hat Enterprise Linux 2.1 Workstation IA64
- Red Hat Enterprise Linux 3.0 Advanced Server Edition
- Red Hat Enterprise Linux 3.0 Enterprise Server Edition
- Red Hat Enterprise Linux 3.0 Workstation Server Edition
- Red Hat Desktop 3.0
- Red Hat Fedora Core Core 1.0
- Red Hat Linux 7.3
- Red Hat Linux 7.3 on I386
- Red Hat Linux 7.3 on i686
- Red Hat Linux 9.0 on i386
- Red Hat Linux Advanced Workstation 2.1 on IA64
- Red Hat Linux Advanced Workstation 2.1 on Itanium Processor
- SUSE Linux 1.0 Desktop
- SuSE SuSE Linux 8.1
- SuSE SuSE Linux 8.2
- SUSE SUSE Linux 8 Enterprise Server
- SuSE SuSE Linux 9.0
- Suse Suse Linux 9.0 Enterprise Server Edition
- SUSE Linux 9.0 x86_64
- SuSE SuSE Linux 9.1
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-0902, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-0902 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.