| VID |
28641 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Mozilla/Thunderbird, according to its version number, contains an URI Processing Heap-Based Buffer Overflow Vulnerability.
Mozilla and Thunderbird are open-source Web browsers and e-mail client, developed by the Mozilla project. Mozilla prior to 1.7.3 and Thunderbird prior to 0.8 are vulnerable to a heap-based buffer overflow vulnerability, caused by improper bounds checking of user-supplied input. By forwarding a specially-crafted message, a remote attacker could overflow a buffer and execute arbitrary code on the system.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* Platforms Affected:
Mozilla Project, Mozilla prior to 1.7.3
Mozilla Organization, Thunderbird prior to 0.8
Apple Computer, Inc., Mac OS Any version
Linux Any version
Unix Any version
Microsoft Windows Any version |
| Recommendation |
For Mozilla Suite:
Upgrade to the latest version of Mozilla Suite (1.7.3 or later), available from the Mozilla Web site at http://www.mozilla.org/products/mozilla1.x/
For Mozilla Thunderbird:
Upgrade to the latest version of Mozilla Thunderbird (0.8 or later), available from the Mozilla Web site at http://www.mozilla.org/products/thunderbird/ |
| Related URL |
CVE-2004-0902 (CVE) |
| Related URL |
11170 (SecurityFocus) |
| Related URL |
17370 (ISS) |
|
