CVE-2004-0902

Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.

Published: Jan 27, 2005
Updated: Nov 9, 2025
CVE: CVE-2004-0902
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mozilla / thunderbird	0.7.2	0.7.2.x
conectiva / linux	9.0	9.0.x
mozilla / mozilla	1.7	1.7.x
mozilla / mozilla	1.7.1	1.7.1.x
mozilla / thunderbird	0.7.3	0.7.3.x
mozilla / thunderbird	0.7	0.7.x
conectiva / linux	10.0	10.0.x
mozilla / mozilla	1.7.2	1.7.2.x
mozilla / thunderbird	0.7.1	0.7.1.x
suse / suse_linux	9.0	9.0.x
redhat / enterprise_linux	2.1	2.1.x
redhat / linux	7.3	7.3.x
redhat / enterprise_linux_desktop	3.0	3.0.x
redhat / linux_advanced_workstation	2.1	2.1.x
suse / suse_linux	8.2	8.2.x
redhat / enterprise_linux	3.0	3.0.x
suse / suse_linux	8	8.x
suse / suse_linux	1.0	1.0.x
redhat / fedora_core	core_1.0	core_1.0.x
redhat / linux	9.0	9.0.x
suse / suse_linux	9.1	9.1.x
suse / suse_linux	8.1	8.1.x

Vulnerability Database

300,444

CVE-2004-0902

Deep Security Visibility Without the Complexity