Vulnerability Note VU#125776
Multiple buffer overflows in Mozilla POP3 protocol handler
There are multiple buffer overflow vulnerabilities in the Mozilla POP3 protocol handler that could allow a remote attacker to execute arbitrary code.
Post Office Protocol Version 3 (POP3) is a mail protocol that provides a means for retrieving email from a remote server. The Mozilla mail client supports the POP3 protocol. There are multiple vulnerabilities in a number of functions used by the Mozilla POP3 protocol handler. The vulnerable functions include: FreeMsgInfo(), GetXtndXlstMsgid(), GetUidlList(), and GetList(). When processing POP3 responses, a specially crafted response could trigger a buffer overflow condition.
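The note does not describe the individual flaws, so the following is an added example and not Mozilla's code: a C parser for one line of a POP3 LIST response (RFC 1939) that treats the server-supplied message number and size as untrusted and checks them against the allocated table before writing. The names `parse_list_line` and `msg_info`, and the table layout, are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-message record; not Mozilla's structure. */
struct msg_info {
    unsigned long size;   /* octets reported by the server */
    int seen;             /* set once a LIST line filled this slot */
};

/* Parse one line of a multi-line LIST response, "<msgnum> <octets>" (RFC 1939),
 * into table[msgnum - 1]. `count` is the number of slots actually allocated.
 * Every field comes from the server, so each is validated before use.
 * Returns 0 on success, -1 if the line is malformed or msgnum is out of range. */
int parse_list_line(const char *line, struct msg_info *table, size_t count)
{
    char *end;
    unsigned long num, size;

    if (line == NULL || table == NULL || !isdigit((unsigned char)line[0]))
        return -1;                  /* rejects "", "-1 ...", " 1 ..." */
    errno = 0;
    num = strtoul(line, &end, 10);
    if (errno == ERANGE || *end != ' ')
        return -1;
    if (num < 1 || num > count)     /* index check before any write */
        return -1;
    if (!isdigit((unsigned char)end[1]))
        return -1;
    errno = 0;
    size = strtoul(end + 1, &end, 10);
    /* The size must end at a space, CR, LF or NUL (strchr matches NUL too). */
    if (errno == ERANGE || strchr(" \r\n", *end) == NULL)
        return -1;
    table[num - 1].size = size;
    table[num - 1].seen = 1;
    return 0;
}

int main(void)
{
    /* Constructed sample input: a 3-message table and four server lines. */
    struct msg_info table[3] = {{0, 0}};
    const char *lines[] = { "1 120\r\n", "2 200\r\n", "7 999\r\n", "-1 5\r\n" };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++)
        printf("%s -> %d\n", lines[i], parse_list_line(lines[i], table, 3));
    return 0;
}
```

The same pattern applies to UIDL listings: the message number indexes client memory, so it is range-checked against the allocation rather than trusted because the server sent it.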
By sending a specially crafted POP3 response to an affected client, a remote attacker could cause the client to crash or potentially execute arbitrary code. Exploitation of these vulnerabilities would require a user to connect to a malicious POP3 server.
Upgrade as specified by your vendor. This issue has been resolved in Mozilla 1.7.3, Firefox Preview Release, and Thunderbird 0.8.
Systems Affected

|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Mozilla|Affected|-|16 Sep 2004|
This vulnerability was reported by Gael Delalleau.
This document was written by Damon Morda.
- CVE IDs: Unknown
- Date Public: 29 May 2004
- Date First Published: 17 Sep 2004
- Date Last Updated: 17 Sep 2004
- Severity Metric: 28.69
- Document Revision: 12