CVE Vulnerabilities

CVE-2004-1316

Published: Dec 29, 2004 | Modified: May 03, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing (backslash) character, which prevents a string from being NULL terminated.

Affected Software

Name Vendor Start Version End Version
Mozilla Mozilla * *
Mozilla Mozilla 1.3 1.3
Mozilla Mozilla 1.4 1.4
Mozilla Mozilla 1.4 1.4
Mozilla Mozilla 1.4.1 1.4.1
Mozilla Mozilla 1.5 1.5
Mozilla Mozilla 1.5 1.5
Mozilla Mozilla 1.5 1.5
Mozilla Mozilla 1.5 1.5
Mozilla Mozilla 1.5.1 1.5.1
Mozilla Mozilla 1.6 1.6
Mozilla Mozilla 1.6 1.6
Mozilla Mozilla 1.6 1.6
Mozilla Mozilla 1.7 1.7
Mozilla Mozilla 1.7 1.7
Mozilla Mozilla 1.7 1.7
Mozilla Mozilla 1.7 1.7
Mozilla Mozilla 1.7 1.7
Mozilla Mozilla 1.7 1.7
Mozilla Mozilla 1.7.1 1.7.1
Mozilla Mozilla 1.7.2 1.7.2
Mozilla Mozilla 1.7.3 1.7.3
Red Hat Enterprise Linux 2.1 RedHat mozilla *
Red Hat Enterprise Linux 3 RedHat mozilla *
Mozilla Ubuntu edgy *

References