Description
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
CVSS Metrics
- Vector
- AV:N/AC:L/Au:N/C:C/I:C/A:C
- Access Vector
- network
- Access Cmplx
- low
- Auth
- none
- Confidentiality
- complete
- Integrity
- complete
- Availability
- complete
- Weaknesses
- NVD-CWE-Other
Metadata
- Primary Vendor
- MOZILLA
- Published
- 12/31/2004
- Last Modified
- 4/3/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
mozilla : firefoxmozilla : firefoxmozilla : firefoxmozilla : firefoxmozilla : firefoxmozilla : firefoxmozilla : mozillamozilla : mozillamozilla : mozillamozilla : mozillamozilla : thunderbirdmozilla : thunderbirdmozilla : thunderbirdmozilla : thunderbirdmozilla : thunderbirdnetscape : navigatornetscape : navigatornetscape : navigatornetscape : navigatorconectiva : linuxconectiva : linuxredhat : enterprise_linuxredhat : enterprise_linuxredhat : enterprise_linuxredhat : enterprise_linuxredhat : enterprise_linuxredhat : enterprise_linuxredhat : enterprise_linuxredhat : enterprise_linuxredhat : enterprise_linuxredhat : enterprise_linux_desktopredhat : fedora_coreredhat : linuxredhat : linuxredhat : linuxredhat : linuxredhat : linux_advanced_workstationredhat : linux_advanced_workstation
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.