Mozilla nsNNTPProtocol.cpp NNTP news:// URI Handling Overflow DoS

This script is Copyright (C) 2005-2017 Tenable Network Security, Inc.


Synopsis :

A web browser on the remote host is prone to a heap overflow attack.

Description :

The remote version of Mozilla is vulnerable to a heap overflow attack
against its NNTP functionality.

This may allow an attacker to execute arbitrary code on the remote
host.

To exploit this flaw, an attacker would need to set up a rogue news
site and lure a victim on the remote host into reading news from it.

See also :

https://www.mozilla.org/en-US/security/advisories/mfsa2005-06/

Solution :

Upgrade to Mozilla 1.7.5 or newer.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 16085 ()

Bugtraq ID: 12131
12407

CVE ID: CVE-2004-1316

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now