CVE-2004-0757 - OpenCVE

Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Mozilla	Mozilla Firefox Thunderbird

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:mozilla::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

References

Link	Resource
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://bugzilla.mozilla.org/show_bug.cgi?id=229374	Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=109900315219363&w=2
http://secunia.com/advisories/10856
http://www.kb.cert.org/vuls/id/561022	US Government Resource
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
http://www.redhat.com/support/errata/RHSA-2004-421.html
http://www.securityfocus.com/bid/15495
https://exchange.xforce.ibmcloud.com/vulnerabilities/16869
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11042
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3250

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2004-08-03T04:00:00

Updated: 2017-10-10T00:57:01

Reserved: 2004-08-02T00:00:00

Link: CVE-2004-0757

JSON object: View

NVD Information

Status : Modified

Published: 2004-08-18T04:00:00.000

Modified: 2017-10-11T01:29:32.357

Link: CVE-2004-0757

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-08-02T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "oval:org.mitre.oval:def:11042", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11042"}, {"name": "10856", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/10856"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=229374"}, {"name": "SCOSA-2005.49", "tags": ["vendor-advisory", "x_refsource_SCO"], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"}, {"name": "SUSE-SA:2004:036", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"}, {"name": "RHSA-2004:421", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7"}, {"name": "FLSA:2089", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://marc.info/?l=bugtraq&m=109900315219363&w=2"}, {"name": "mozilla-senduidl-pop3-bo(16869)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16869"}, {"name": "15495", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15495"}, {"name": "oval:org.mitre.oval:def:3250", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3250"}, {"name": "VU#561022", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/561022"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0757", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "oval:org.mitre.oval:def:11042", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11042"}, {"name": "10856", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/10856"}, {"name": "http://bugzilla.mozilla.org/show_bug.cgi?id=229374", "refsource": "CONFIRM", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=229374"}, {"name": "SCOSA-2005.49", "refsource": "SCO", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"}, {"name": "SUSE-SA:2004:036", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"}, {"name": "RHSA-2004:421", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html"}, {"name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", "refsource": "CONFIRM", "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7"}, {"name": "FLSA:2089", "refsource": "FEDORA", "url": "http://marc.info/?l=bugtraq&m=109900315219363&w=2"}, {"name": "mozilla-senduidl-pop3-bo(16869)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16869"}, {"name": "15495", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15495"}, {"name": "oval:org.mitre.oval:def:3250", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3250"}, {"name": "VU#561022", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/561022"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0757", "datePublished": "2004-08-03T04:00:00", "dateReserved": "2004-08-02T00:00:00", "dateUpdated": "2017-10-10T00:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF711F75-74B8-4CF6-9580-8B51F5A2F2EF", "versionEndIncluding": "0.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9239E8A-8155-462A-A409-D66FF6B94B04", "versionEndIncluding": "1.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "5723A6C5-70AB-4F54-BCCB-DD3498446AD2", "versionEndIncluding": "0.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en el mont\u00f3n en SenUidl en la capacidad POP3 de Mozilla anteriores a 1.7, Firefox anteriores a 0.9, y Thunderbird anteriores a 0.7, puede permitir a servidores POP3 remotos ejecutar c\u00f3digo arbitrario."}], "id": "CVE-2004-0757", "lastModified": "2017-10-11T01:29:32.357", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-08-18T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=229374"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=109900315219363&w=2"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/10856"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/561022"}, {"source": "cve@mitre.org", "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15495"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16869"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11042"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3250"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}