CVE-2005-0399

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.

References

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt

http://secunia.com/advisories/14654

http://secunia.com/advisories/19823

http://www.ciac.org/ciac/bulletins/p-160.shtml

http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml

http://www.kb.cert.org/vuls/id/557948

http://www.mozilla.org/security/announce/mfsa2005-30.html

http://www.novell.com/linux/security/advisories/2006_04_25.html

http://www.redhat.com/support/errata/RHSA-2005-323.html

http://www.redhat.com/support/errata/RHSA-2005-335.html

http://www.redhat.com/support/errata/RHSA-2005-336.html

http://www.redhat.com/support/errata/RHSA-2005-337.html

http://www.securityfocus.com/bid/12881

http://www.securityfocus.com/bid/15495

http://www.vupen.com/english/advisories/2005/0296

http://xforce.iss.net/xforce/alerts/id/191

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877

https://exchange.xforce.ibmcloud.com/vulnerabilities/19269

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100028

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11377

Details

Source: MITRE

Published: 2005-05-02

Updated: 2018-05-03

Risk Information

CVSS v2

Base Score: 5.1

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 4.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*

Tenable Plugins

View all (54 total)

IDNameProductFamilySeverity
20546Ubuntu 4.10 : mozilla-firefox vulnerabilities (USN-149-3)NessusUbuntu Local Security Checks
high
3239Mozilla Firefox < 1.0.7 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
3238Mozilla Firefox < 1.7.12 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
19634Fedora Core 3 : mozilla-1.7.6-1.3.2 (2005-249)NessusFedora Local Security Checks
medium
19633Fedora Core 3 : thunderbird-1.0.2-1.3.1 (2005-247)NessusFedora Local Security Checks
medium
19632Fedora Core 3 : firefox-1.0.2-1.3.1 (2005-246)NessusFedora Local Security Checks
medium
3099Mozilla Firefox < 1.0.6 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
3067Mozilla Firefox < 1.7.10 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
3066Mozilla Firefox < 1.0.5 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
18998FreeBSD : mozilla -- heap buffer overflow in GIF image processing (7d2aac52-9c6b-11d9-99a7-000a95bc6fae)NessusFreeBSD Local Security Checks
medium
18320Fedora Core 2 : mozilla-1.7.6-1.2.2 (2005-248)NessusFedora Local Security Checks
medium
18277Mandrake Linux Security Advisory : mozilla (MDKSA-2005:088)NessusMandriva Local Security Checks
high
2902Mozilla Firefox < 1.7.8 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
2887Mozilla Firefox < 1.0.4 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
2789Mozilla Firefox < 1.7.7 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
2788Mozilla Firefox < 1.0.3 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
17632GLSA-200503-32 : Mozilla Thunderbird: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
17628RHEL 4 : thunderbird (RHSA-2005:337)NessusRed Hat Local Security Checks
medium
17627RHEL 4 : firefox (RHSA-2005:336)NessusRed Hat Local Security Checks
medium
17626RHEL 4 : mozilla (RHSA-2005:335)NessusRed Hat Local Security Checks
high
17624RHEL 2.1 / 3 : mozilla (RHSA-2005:323)NessusRed Hat Local Security Checks
high
17620GLSA-200503-31 : Mozilla Firefox: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
17619GLSA-200503-30 : Mozilla Suite: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
17605Mozilla Thunderbird < 1.0.2 Browser GIF Processing OverflowNessusWindows
high
17604Mozilla Browser < 1.7.6 Multiple VulnerabilitiesNessusWindows
high
17603Firefox < 1.0.2 Multiple VulnerabilitiesNessusWindows
medium
2703Mozilla Thunderbird < 1.0.2 Multiple Vulnerabilities (deprecated)Nessus Network MonitorSMTP Clients
high
2671Mozilla Firefox < 1.7.6 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
2652Mozilla Firefox < 1.0.1 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
2603MSN Messenger < 6.2.0205 PNG File Remote Overflow (deprecated)Nessus Network MonitorInternet Messengers
high
2602Microsoft Media Player Version 9 PNG Multiple Vulnerabilities (deprecated)Nessus Network MonitorGeneric
high
1775Mozilla Firefox XML User Interface Language Browser Interface Spoofing (deprecated)Nessus Network MonitorWeb Clients
high
1773Mozilla Firefox < 1.7.1 / Thunderbird < 0.7.1 POP3 Remote Heap Overflow (deprecated)Nessus Network MonitorWeb Clients
high
1772Mozilla Firefox < 1.7.1 Cross-Domain Frame Loading Vulnerability (deprecated)Nessus Network MonitorWeb Clients
high
1771Mozilla Firefox < 1.7.2 Non-FQDN SSL Certificate SpoofingNessus Network MonitorWeb Clients
high
1770Mozilla Firefox < 1.7.1 SSL Redirect SpoofingNessus Network MonitorWeb Clients
high
2116Mozilla Firefox Input Type HTML Tag Unauthorized Access (deprecated)Nessus Network MonitorWeb Clients
high
801373Mozilla XML User Interface Language Browser Interface SpoofingLog Correlation EngineWeb Clients
medium
801318Mozilla Browser < 1.7.8 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801295Mozilla Firefox < 1.0.4 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801294Mozilla Browser < 1.7.12 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801293Mozilla < 1.7.7 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801292Mozilla Browser < 1.7.2 Non-FQDN SSL Certificate SpoofingLog Correlation EngineWeb Clients
medium
801263Mozilla < 1.7.1 SSL Redirect SpoofingLog Correlation EngineWeb Clients
medium
801257Mozilla Browser < 1.7.10 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801229Mozilla Browser Input Type HTML Tag Unauthorized AccessLog Correlation EngineWeb Clients
medium
801228Mozilla < 1.7.1 Cross-Domain Frame Loading VulnerabilityLog Correlation EngineWeb Clients
medium
801221Mozilla Thunderbird < 1.0.2 Multiple VulnerabilitiesLog Correlation EngineSMTP Clients
high
801217Mozilla Firefox < 1.0.5 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801215Mozilla < 1.7.6 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801211Mozilla Browser <1.7.1 / Thunderbird < 0.7.1 SendUIDL POP3 Message Handling Remote Heap OverflowLog Correlation EngineWeb Clients
medium
800781Firefox < 1.0.7 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
800777Firefox < 1.0.6 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
800745Firefox < 1.0.3 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high