Overview
There is a buffer overflow vulnerability in the Mozilla "send page" feature that could allow a remote attacker to execute arbitrary code.
Description
Mozilla is an open-source web browser, email/newsgroup client, IRC client, and HTML editor available for a number of platforms including Microsoft Windows, Linux, and other UNIX platforms. The email client provides a "send page" feature that allows users to easily attach a web page to an email message and forward that page to a specified email address. There is a vulnerability in the way the "send page" feature handles overly long URLs that could trigger a buffer overflow condition.
Impact
By convincing a user to send a specially crafted URL using the "send page" feature, an attacker could execute arbitrary code with privileges of the vulnerable process.
Solution
Upgrade as specified by your vendor. This issue has been resolved in Mozilla 1.7.3, Firefox Preview Release, and Thunderbird 0.8.
Acknowledgements
This vulnerability was reported by Georgi Guninski.
This document was written by Damon Morda.
Other Information
| CVE IDs: | None | 
| Severity Metric: | 5.74 | 
| Date Public: | 2004-09-04 | 
| Date First Published: | 2004-09-17 | 
| Date Last Updated: | 2004-09-17 18:08 UTC | 
| Document Revision: | 13 |