FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- heap overflow in NNTP handler

Affected packages
0 < de-netscape7
0 < fr-netscape7
0 < ja-netscape7
0 < netscape7
0 < pt_BR-netscape7
linux-mozilla < 1.7.5
linux-mozilla-devel < 1.7.5
mozilla-gtk1 < 1.7.5
mozilla < 1.7.5,2
0 <= de-linux-netscape
0 <= fr-linux-netscape
0 <= ja-linux-netscape
0 <= linux-netscape
0 <= mozilla+ipv6
0 <= mozilla-embedded
0 <= mozilla-gtk
0 <= mozilla-gtk2

Details

VuXML ID 3fbf9db2-658b-11d9-abad-000a95bc6fae
Discovery 2004-12-29
Entry 2005-01-13

Maurycy Prodeus reports a critical vulnerability in Mozilla-based browsers:

Mozilla browser supports NNTP urls. Remote side is able to trigger news:// connection to any server. I found a flaw in NNTP handling code which may cause heap overflow and allow remote attacker to execute arbitrary code on client machine.

References

CVE Name CVE-2004-1316
Message Pine.LNX.4.44.0412292228440.19239-200000@isec.pl
URL http://isec.pl/vulnerabilities/isec-0020-mozilla.txt