| VID |
28651 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Mozilla Web browser, according to its version number, contains a heap-based buffer overflow vulnerability in the NNTP functionality. Mozilla is an open-source Web browser developed by the Mozilla project. Mozilla versions 1.7.3 and earlier are vulnerable to a heap-based buffer overflow caused by improper boundary checks when the 'MSG_UnEscapeSearchUrl()' function attempts to parse NNTP URIs. A remote attacker could create a specially crafted web page containing a malicious NNTP news URI and then persuade a target user to visit it. Once the web page is viewed, the attacker could overflow a buffer and cause a denial of service, or possibly execute arbitrary code with the privileges of the user who launched the vulnerable application.
* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, resulting in a false negative for all vulnerable hosts.
* References: https://bugzilla.mozilla.org/show_bug.cgi?id=264388
* Platforms Affected: Mozilla Project: Mozilla versions 1.7.3 and earlier; any operating system, any version |
| Recommendation |
Upgrade to the latest version of Mozilla Suite (1.7.5 or later), available from the Mozilla Web site at http://www.mozilla.org/ |
| Related URL |
CVE-2004-1316 (CVE) |
| Related URL |
12131 (SecurityFocus) |
| Related URL |
(ISS) |
|