{"vuid":"VU#561022","idnumber":"561022","name":"Mozilla contains a buffer overflow in the SendUidl() function","keywords":["Mozilla","Firefox","Thunderbird","buffer overflow","arbitrary code execution","SendUidl()","POP3","message limit","50k"],"overview":"A vulnerability in the way Mozilla handles certain types of POP3 responses could allow a remote attacker to execute arbitrary code on an affected system.","clean_desc":"Post Office Protocol Version 3 (POP3) is a mail protocol that provides a means for retrieving email from a remote server. This protocol is supported by Mozilla, Firefox, and Thunderbird. These clients contain a vulnerability that allows malformed POP3 responses to trigger a buffer overflow condition in the SendUidl() function. Such responses can be sent by a remote POP3 server and could result in arbitrary code execution.","impact":"By sending a specially crafted POP3 response to an affected client, a remote attacker could cause the client to crash or potentially execute arbitrary code. Exploitation of this vulnerability would require a user to connect to a malicious POP3 server.","resolution":"Upgrade\nUpgrade as specified by your vendor. This issue has been resolved in Mozilla 1.7, Firefox 0.9, and Thunderbird 0.7.2.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by Zen Parse.","author":"This document was written by Damon Morda.","public":["http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7","http://bugzilla.mozilla.org/show_bug.cgi?id=229374","http://xforce.iss.net/xforce/xfdb/16869","http://www.redhat.com/support/errata/RHSA-2004-421.html","http://secunia.com/advisories/10856/","http://www.ciac.org/ciac/bulletins/o-195.shtml","http://slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.667659"],"cveids":["CVE-2004-0757"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-07-27T15:29:36Z","publicdate":"2004-05-29T00:00:00Z","datefirstpublished":"2004-08-20T13:46:34Z","dateupdated":"2004-08-20T15:13:46Z","revision":17,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"9","cam_population":"15","cam_impact":"10","cam_easeofexploitation":"2","cam_attackeraccessrequired":"20","cam_scorecurrent":"2.7","cam_scorecurrentwidelyknown":"3.2625","cam_scorecurrentwidelyknownexploited":"5.5125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":2.7,"vulnote":null}