| VID |
28640 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Mozilla/Thunderbird, according to its version number, contains a BMP Decoding Integer Overflow Vulnerability.
Mozilla/Firefox and Thunderbird are open-source Web browsers and e-mail client, developed by the Mozilla project. Mozilla prior to 1.7.3, Firefox prior to 1.0PR and Thunderbird prior to 0.8 are vulnerable to a Integer Overflow vulnerability in the image parsing routines, caused by improper boundary checks. By issuing a specially-crafted BMP image file, a remote attacker could overflow a buffer and cause a denial of service, or possibly execute arbitrary code on the system.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* Platforms Affected:
Mozilla Project, Mozilla prior to 1.7.3
Mozilla Organization, Thunderbird prior to 0.8
Mozilla Project, Firefox prior to 1.0PR
Apple Computer, Inc., Mac OS Any version
Linux Any version
Unix Any version
Microsoft Windows Any version |
| Recommendation |
For Mozilla Suite:
Upgrade to the latest version of Mozilla Suite (1.7.3 or later), available from the Mozilla Web site at http://www.mozilla.org/products/mozilla1.x/
For Mozilla Thunderbird:
Upgrade to the latest version of Mozilla Thunderbird (0.8 or later), available from the Mozilla Web site at http://www.mozilla.org/thunderbird/
For Mozilla Firefox:
Upgrade to the latest version of Mozilla Firefox (1.0PR or later), available from the Mozilla Web site at http://www.mozilla.org/product/firefox/ |
| Related URL |
CVE-2004-0904 (CVE) |
| Related URL |
11171 (SecurityFocus) |
| Related URL |
17381 (ISS) |
|
