CVE-2004-0904

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.

Published: Dec 31, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-0904
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mozilla / thunderbird	0.6	0.6.x
mozilla / firefox	0.8	0.8.x
mozilla / thunderbird	0.7.2	0.7.2.x
conectiva / linux	9.0	9.0.x
mozilla / mozilla	1.7	1.7.x
mozilla / firefox	0.9.1	0.9.1.x
netscape / navigator	7.1	7.1.x
mozilla / firefox	0.9	0.9.x
netscape / navigator	7.2	7.2.x
netscape / navigator	7.0	7.0.x
mozilla / mozilla	1.7.1	1.7.1.x
mozilla / thunderbird	0.7.3	0.7.3.x
netscape / navigator	7.0.2	7.0.2.x
mozilla / firefox	0.9.3	0.9.3.x
mozilla / thunderbird	0.7	0.7.x
mozilla / firefox	0.9.2	0.9.2.x
conectiva / linux	10.0	10.0.x
mozilla / mozilla	1.7.2	1.7.2.x
mozilla / firefox	0.9-rc	0.9-rc.x
mozilla / mozilla	1.7-rc3	1.7-rc3.x
mozilla / thunderbird	0.7.1	0.7.1.x
redhat / enterprise_linux	2.1	2.1.x
redhat / linux	7.3	7.3.x
redhat / enterprise_linux_desktop	3.0	3.0.x
redhat / linux_advanced_workstation	2.1	2.1.x
redhat / enterprise_linux	3.0	3.0.x
redhat / fedora_core	core_1.0	core_1.0.x
redhat / linux	9.0	9.0.x

Vulnerability Database

289,599

CVE-2004-0904