CVE-2005-2701

HIGH

Description

Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.

References

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt

http://secunia.com/advisories/16911

http://secunia.com/advisories/16917

http://secunia.com/advisories/16977

http://secunia.com/advisories/17014

http://secunia.com/advisories/17026

http://secunia.com/advisories/17149

http://secunia.com/advisories/17263

http://secunia.com/advisories/17284

http://securitytracker.com/id?1014954

http://www.debian.org/security/2005/dsa-838

http://www.debian.org/security/2005/dsa-866

http://www.debian.org/security/2005/dsa-868

http://www.mandriva.com/security/advisories?name=MDKSA-2005:169

http://www.mandriva.com/security/advisories?name=MDKSA-2005:170

http://www.mandriva.com/security/advisories?name=MDKSA-2005:174

http://www.mozilla.org/security/announce/mfsa2005-58.html

http://www.novell.com/linux/security/advisories/2005_58_mozilla.html

http://www.osvdb.org/19643

http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html

http://www.redhat.com/support/errata/RHSA-2005-785.html

http://www.redhat.com/support/errata/RHSA-2005-789.html

http://www.securityfocus.com/bid/14916

http://www.securityfocus.com/bid/15495

http://www.ubuntu.com/usn/usn-200-1

http://www.vupen.com/english/advisories/2005/1824

https://exchange.xforce.ibmcloud.com/vulnerabilities/22373

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1480

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9323

Details

Source: MITRE

Published: 2005-09-23

Updated: 2017-10-11

Type: NVD-CWE-Other

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 1.0.6 (inclusive)

cpe:2.3:a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla_suite:*:*:*:*:*:*:*:* versions up to 1.7.11 (inclusive)

Tenable Plugins

View all (57 total)

ID	Name	Product	Family	Severity
21963	CentOS 4 : firefox (CESA-2005:785)	Nessus	CentOS Local Security Checks	high
21859	CentOS 3 / 4 : Mozilla (CESA-2005:789)	Nessus	CentOS Local Security Checks	high
21473	FreeBSD : firefox & mozilla -- multiple vulnerabilities (8f5dd74b-2c61-11da-a263-0001020eed82)	Nessus	FreeBSD Local Security Checks	high
20616	Ubuntu 4.10 / 5.04 : mozilla-thunderbird vulnerabilities (USN-200-1)	Nessus	Ubuntu Local Security Checks	high
20597	Ubuntu 4.10 / 5.04 : mozilla, mozilla-firefox vulnerabilities (USN-186-1)	Nessus	Ubuntu Local Security Checks	high
20428	Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2005:174)	Nessus	Mandriva Local Security Checks	high
20071	Debian DSA-868-1 : mozilla-thunderbird - several vulnerabilities	Nessus	Debian Local Security Checks	high
20063	Debian DSA-866-1 : mozilla - several vulnerabilities	Nessus	Debian Local Security Checks	high
19923	Mandrake Linux Security Advisory : mozilla (MDKSA-2005:170)	Nessus	Mandriva Local Security Checks	high
19877	Fedora Core 3 : mozilla-1.7.12-1.3.1 (2005-932)	Nessus	Fedora Local Security Checks	high
19876	Fedora Core 3 : firefox-1.0.7-1.1.fc3 (2005-931)	Nessus	Fedora Local Security Checks	high
19872	Fedora Core 4 : mozilla-1.7.12-1.5.1 (2005-927)	Nessus	Fedora Local Security Checks	high
19871	Fedora Core 4 : firefox-1.0.7-1.1.fc4 (2005-926)	Nessus	Fedora Local Security Checks	high
19837	RHEL 2.1 / 3 / 4 : mozilla (RHSA-2005:789)	Nessus	Red Hat Local Security Checks	high
19835	RHEL 4 : firefox (RHSA-2005:785)	Nessus	Red Hat Local Security Checks	high
19810	GLSA-200509-11 : Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
19807	Debian DSA-838-1 : mozilla-firefox - multiple vulnerabilities	Nessus	Debian Local Security Checks	high
3239	Mozilla Firefox < 1.0.7 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
3238	Mozilla Firefox < 1.7.12 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
19719	Firefox < 1.0.7 Multiple Vulnerabilities	Nessus	Windows	high
19718	Mozilla Browser < 1.7.12 Multiple Vulnerabilities	Nessus	Windows	high
3099	Mozilla Firefox < 1.0.6 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
3067	Mozilla Firefox < 1.7.10 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
3066	Mozilla Firefox < 1.0.5 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
2902	Mozilla Firefox < 1.7.8 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
2887	Mozilla Firefox < 1.0.4 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
2789	Mozilla Firefox < 1.7.7 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
2788	Mozilla Firefox < 1.0.3 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
2703	Mozilla Thunderbird < 1.0.2 Multiple Vulnerabilities (deprecated)	Nessus Network Monitor	SMTP Clients	medium
2671	Mozilla Firefox < 1.7.6 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
2652	Mozilla Firefox < 1.0.1 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
2603	MSN Messenger < 6.2.0205 PNG File Remote Overflow (deprecated)	Nessus Network Monitor	Internet Messengers	medium
2602	Microsoft Media Player Version 9 PNG Multiple Vulnerabilities (deprecated)	Nessus Network Monitor	Generic	medium
1775	Mozilla Firefox XML User Interface Language Browser Interface Spoofing (deprecated)	Nessus Network Monitor	Web Clients	medium
1773	Mozilla Firefox < 1.7.1 / Thunderbird < 0.7.1 POP3 Remote Heap Overflow (deprecated)	Nessus Network Monitor	Web Clients	medium
1772	Mozilla Firefox < 1.7.1 Cross-Domain Frame Loading Vulnerability (deprecated)	Nessus Network Monitor	Web Clients	medium
1771	Mozilla Firefox < 1.7.2 Non-FQDN SSL Certificate Spoofing	Nessus Network Monitor	Web Clients	medium
1770	Mozilla Firefox < 1.7.1 SSL Redirect Spoofing	Nessus Network Monitor	Web Clients	medium
2116	Mozilla Firefox Input Type HTML Tag Unauthorized Access (deprecated)	Nessus Network Monitor	Web Clients	medium
801373	Mozilla XML User Interface Language Browser Interface Spoofing	Log Correlation Engine	Web Clients	medium
801318	Mozilla Browser < 1.7.8 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801295	Mozilla Firefox < 1.0.4 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801294	Mozilla Browser < 1.7.12 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801293	Mozilla < 1.7.7 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801292	Mozilla Browser < 1.7.2 Non-FQDN SSL Certificate Spoofing	Log Correlation Engine	Web Clients	medium
801263	Mozilla < 1.7.1 SSL Redirect Spoofing	Log Correlation Engine	Web Clients	medium
801257	Mozilla Browser < 1.7.10 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801229	Mozilla Browser Input Type HTML Tag Unauthorized Access	Log Correlation Engine	Web Clients	medium
801228	Mozilla < 1.7.1 Cross-Domain Frame Loading Vulnerability	Log Correlation Engine	Web Clients	medium
801221	Mozilla Thunderbird < 1.0.2 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
801217	Mozilla Firefox < 1.0.5 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801215	Mozilla < 1.7.6 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801211	Mozilla Browser <1.7.1 / Thunderbird < 0.7.1 SendUIDL POP3 Message Handling Remote Heap Overflow	Log Correlation Engine	Web Clients	medium
800781	Firefox < 1.0.7 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
800777	Firefox < 1.0.6 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
800757	Firefox < 1.0.1 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	medium
800745	Firefox < 1.0.3 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high