Vulnerability Details
Mozilla Browser BMP Image Decoding Multiple Integer Overflow Vulnerabilities
- CNNVD ID: CNNVD-200412-656
- Severity: Critical
- CVE ID: CVE-2004-0904
- Vulnerability type: Buffer overflow
- Published: 2004-12-31
- Threat type: Remote
- Updated: 2006-08-23
- Vendor: netscape
- Vulnerability source: Discovery is credi…
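Vulnerability Summary
An integer overflow vulnerability exists in the bitmap (BMP) decoding in Mozilla Firefox before Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8. A remote attacker can execute arbitrary code via a wide bitmap file that triggers a heap-based buffer overflow.
Vulnerability Advisory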
This issue has been addressed in Mozilla 1.7.3, Firefox Preview Release, and Thunderbird 0.8.
Conectiva has released an advisory (CLA-2004:877) to address various issues including this issue in Mozilla. This advisory contains updated Mozilla packages (1.7.3) for Conectiva Linux 9 and 10. Please see the referenced advisory for more information.
Gentoo has released an advisory (GLSA 200409-26) to address various issues in Mozilla Browsers. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their systems.
emerge sync
emerge -pv your-version
emerge your-version
RedHat Linux has released advisory RHSA-2004:486-18 along with fixes to address this, and other issues for RedHat Enterprise Linux operating systems. Please see the referenced advisory for further information on obtaining fixes.
HP has released an advisory (SSRT4826) dealing with this issue for their Tru64 UNIX platform. Please see the referenced advisory for more information.
The Fedora Legacy project has released advisory FLSA-2004:2089 along with fixes to address multiple issues in RedHat Fedora Core 1, and RedHat Linux 7.3 and 9.0. Please see the referenced advisory for further information.
Mozilla Thunderbird 0.6
- Mozilla Thunderbird 0.8 http://www.mozilla.org/products/thunderbird/releases/
Mozilla Thunderbird 0.7
- Mozilla Thunderbird 0.8 http://www.mozilla.org/products/thunderbird/releases/
Mozilla Thunderbird 0.7.1
- Mozilla Thunderbird 0.8 http://www.mozilla.org/products/thunderbird/releases/
Mozilla Thunderbird 0.7.2
- Mozilla Thunderbird 0.8 http://www.mozilla.org/products/thunderbird/releases/
Mozilla Thunderbird 0.7.3
- Mozilla Thunderbird 0.8 http://www.mozilla.org/products/thunderbird/releases/
Mozilla Firefox 0.8
- Mozilla Firefox Preview Release http://www.mozilla.org/products/firefox/releases/0.10.html
Mozilla Firefox 0.9
- Mozilla Firefox Preview Release http://www.mozilla.org/products/firefox/releases/0.10.html
Mozilla Firefox 0.9 rc
- Mozilla Firefox Preview Release http://www.mozilla.org/products/firefox/releases/0.10.html
Mozilla Firefox 0.9.1
- Mozilla Firefox Preview Release http://www.mozilla.org/products/firefox/releases/0.10.html
Mozilla Firefox 0.9.2
- Mozilla Firefox Preview Release http://www.mozilla.org/products/firefox/releases/0.10.html
Mozilla Firefox 0.9.3
- Mozilla Firefox Preview Release http://www.mozilla.org/products/firefox/releases/0.10.html
Mozilla Browser 1.7
- Mozilla Mozilla 1.7.3 http://www.mozilla.org/releases/
Mozilla Browser 1.7 rc3
- Mozilla Mozilla 1.7.3 http://www.mozilla.org/releases/
Mozilla Browser 1.7.1
- Mozilla Mozilla 1.7.3 http://www.mozilla.org/releases/
Mozilla Browser 1.7.2
- Mozilla Mozilla 1.7.3 http://www.mozilla.org/releases/
References
Source: US-CERT Technical Alert: TA04-261A
Name: TA04-261A
Link: http://www.us-cert.gov/cas/techalerts/TA04-261A.html
Source: US-CERT Vulnerability Note: VU#847200
Name: VU#847200
Link: http://www.kb.cert.org/vuls/id/847200
Source: XF
Name: mozilla-netscape-bmp-bo(17381)
Link: http://xforce.iss.net/xforce/xfdb/17381
Source: BID
Name: 11171
Link: http://www.securityfocus.com/bid/11171
Source: SUSE
Name: SUSE-SA:2004:036
Link: http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
Source: www.mozilla.org
Link: http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
Source: GENTOO
Name: GLSA-200409-26
Link: http://security.gentoo.org/glsa/glsa-200409-26.xml
Source: OVAL
Name: oval:org.mitre.oval:def:10952
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10952
Source: FEDORA
Name: FLSA:2089
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=109900315219363&w=2
Source: HP
Name: SSRT4826
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=109698896104418&w=2
Source: bugzilla.mozilla.org
Link: http://bugzilla.mozilla.org/show_bug.cgi?id=255067