CyberSec.Space Logo
Back to CVE Browser

CVE-2004-0904

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0180%
EPSS Percentile34.83th
PublishedDec 31, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.

Affected Platforms (CPE)

πŸ“¦
Mozilla

Firefox

= 0.8
πŸ“¦
Mozilla

Firefox

= 0.9
πŸ“¦
Mozilla

Firefox

= 0.9
πŸ“¦
Mozilla

Firefox

= 0.9.1
πŸ“¦
Mozilla

Firefox

= 0.9.2
πŸ“¦
Mozilla

Firefox

= 0.9.3
πŸ“¦
Mozilla

Mozilla

= 1.7
πŸ“¦
Mozilla

Mozilla

= 1.7
πŸ“¦
Mozilla

Mozilla

= 1.7.1
πŸ“¦
Mozilla

Mozilla

= 1.7.2
πŸ“¦
Mozilla

Thunderbird

= 0.6
πŸ“¦
Mozilla

Thunderbird

= 0.7
πŸ“¦
Mozilla

Thunderbird

= 0.7.1
πŸ“¦
Mozilla

Thunderbird

= 0.7.2
πŸ“¦
Mozilla

Thunderbird

= 0.7.3
πŸ“¦
Netscape

Navigator

= 7.0
πŸ“¦
Netscape

Navigator

= 7.0.2
πŸ“¦
Netscape

Navigator

= 7.1
πŸ“¦
Netscape

Navigator

= 7.2
πŸ’»
Conectiva

Linux

= 9.0
πŸ’»
Conectiva

Linux

= 10.0
πŸ’»
Redhat

Enterprise Linux

= 2.1
πŸ’»
Redhat

Enterprise Linux

= 2.1
πŸ’»
Redhat

Enterprise Linux

= 2.1
πŸ’»
Redhat

Enterprise Linux

= 2.1
πŸ’»
Redhat

Enterprise Linux

= 2.1
πŸ’»
Redhat

Enterprise Linux

= 2.1
πŸ’»
Redhat

Enterprise Linux

= 3.0
πŸ’»
Redhat

Enterprise Linux

= 3.0
πŸ’»
Redhat

Enterprise Linux

= 3.0
πŸ’»
Redhat

Enterprise Linux Desktop

= 3.0
πŸ’»
Redhat

Fedora Core

= core_1.0
πŸ’»
Redhat

Linux

= 7.3
πŸ’»
Redhat

Linux

= 7.3
πŸ’»
Redhat

Linux

= 7.3
πŸ’»
Redhat

Linux

= 9.0
πŸ’»
Redhat

Linux Advanced Workstation

= 2.1
πŸ’»
Redhat

Linux Advanced Workstation

= 2.1

References & Advisories

πŸ”— http://bugzilla.mozilla.org/show_bug.cgi?id=255067
πŸ”— http://marc.info/?l=bugtraq&m=109698896104418&w=2
πŸ”— http://marc.info/?l=bugtraq&m=109900315219363&w=2
πŸ”— http://security.gentoo.org/glsa/glsa-200409-26.xml
πŸ”— http://www.kb.cert.org/vuls/id/847200
πŸ”— http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
πŸ”— http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
πŸ”— http://www.securityfocus.com/bid/11171

Related Vulnerabilities

CVE-2019-1170810.0

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the no...

CVE-2019-2513610.0

A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and ...

CVE-2018-1850510.0

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication betwee...

CVE-2020-1238810.0

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this iss...