CVE-2004-0757

high

Description

Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3250

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11042

https://exchange.xforce.ibmcloud.com/vulnerabilities/16869

http://www.securityfocus.com/bid/15495

http://www.redhat.com/support/errata/RHSA-2004-421.html

http://www.novell.com/linux/security/advisories/2004_36_mozilla.html

http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7

http://www.kb.cert.org/vuls/id/561022

http://secunia.com/advisories/10856

http://marc.info/?l=bugtraq&m=109900315219363&w=2

http://bugzilla.mozilla.org/show_bug.cgi?id=229374

Details

Source: Mitre, NVD

Published: 2004-08-18

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.0448

Detections

Analytics