CVE-2004-0902 | Vulnerability Database | Aqua Security

Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the Send page functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.

Affected Software

Name	Vendor	Start Version	End Version
Mozilla	Mozilla	1.7 (including)	1.7 (including)
Mozilla	Mozilla	1.7.1 (including)	1.7.1 (including)
Mozilla	Mozilla	1.7.2 (including)	1.7.2 (including)
Thunderbird	Mozilla	0.7 (including)	0.7 (including)
Thunderbird	Mozilla	0.7.1 (including)	0.7.1 (including)
Thunderbird	Mozilla	0.7.2 (including)	0.7.2 (including)
Thunderbird	Mozilla	0.7.3 (including)	0.7.3 (including)
Linux	Conectiva	9.0 (including)	9.0 (including)
Linux	Conectiva	10.0 (including)	10.0 (including)

References

http://bugzilla.mozilla.org/show_bug.cgi?id=226669
http://bugzilla.mozilla.org/show_bug.cgi?id=245066
http://bugzilla.mozilla.org/show_bug.cgi?id=256316
http://bugzilla.mozilla.org/show_bug.cgi?id=258005
http://marc.info/?l=bugtraq\u0026m=109698896104418\u0026w=2
http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2
http://security.gentoo.org/glsa/glsa-200409-26.xml
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
http://www.us-cert.gov/cas/techalerts/TA04-261A.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/17378
https://exchange.xforce.ibmcloud.com/vulnerabilities/17379
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11201

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-0902
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html