FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- BMP decoder vulnerabilities

Affected packages
thunderbird < 0.7.3_1
de-linux-mozillafirebird < 0.9.3_1
el-linux-mozillafirebird < 0.9.3_1
firefox < 0.9.3_1
ja-linux-mozillafirebird-gtk1 < 0.9.3_1
ja-mozillafirebird-gtk2 < 0.9.3_1
linux-mozillafirebird < 0.9.3_1
linux-phoenix < 0.9.3_1
phoenix < 0.9.3_1
ru-linux-mozillafirebird < 0.9.3_1
zhCN-linux-mozillafirebird < 0.9.3_1
zhTW-linux-mozillafirebird < 0.9.3_1
de-netscape7 <= 7.2
fr-netscape7 <= 7.2
ja-netscape7 <= 7.2
netscape7 <= 7.2
pt_BR-netscape7 <= 7.2
linux-mozilla < 1.7.3
linux-mozilla-devel < 1.7.3
mozilla-gtk1 < 1.7.2_3
mozilla < 1.7.2_2,2
1.8.a,2 <= mozilla < 1.8.a3_1,2
0 <= de-linux-netscape
0 <= fr-linux-netscape
0 <= ja-linux-netscape
0 <= linux-netscape
0 <= mozilla+ipv6
0 <= mozilla-embedded
0 <= mozilla-firebird
0 <= mozilla-gtk
0 <= mozilla-gtk2
0 <= mozilla-thunderbird

Details

VuXML ID ab9c559e-115a-11d9-bc4a-000c41e2cdad
Discovery 2004-09-13
Entry 2004-09-28
Modified 2004-09-30

Gael Delalleau discovered several integer overflows in Mozilla's BMP decoder that can result in denial-of-service or arbitrary code execution.

References

CERT/CC Vulnerability Note 847200
CVE Name CVE-2004-0904
URL http://bugzilla.mozilla.org/show_bug.cgi?id=255067
US-CERT Technical Cyber Security Alert TA04-261A