There are multiple buffer overflow vulnerabilities in the Mozilla POP3 protocol handler that could allow a remote attacker to execute arbitrary code.
Post Office Protocol Version 3 (POP3) is a mail protocol that provides a means for retrieving email from a remote server. The Mozilla mail client supports the POP3 protocol. There are multiple vulnerabilities in a number of functions used by the Mozilla POP3 protocol handler. The vulnerable functions include: FreeMsgInfo(), GetXtndXlstMsgid(), GetUidlList(), and GetList(). When processing POP3 responses, a specially crafted response could trigger a buffer overflow condition.
By sending a specially crafted POP3 response to an affected client, a remote attacker could cause the client to crash or potentially execute arbitrary code. Exploitation of these vulnerabilities would require a user to connect to a malicious POP3 server.
Upgrade as specified by your vendor. This issue has been resolved in Mozilla 1.7.3, Firefox Preview Release, and Thunderbird 0.8.
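This note does not describe the individual defects, so the following added example (not Mozilla's code) shows only the general defensive pattern for a client handling LIST and UIDL response lines as defined in RFC 1939: every server-supplied message number and string length is checked before it touches a fixed-size table. The `msg_info` structure and the function names are hypothetical, and each line is assumed to arrive with its CRLF already removed.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define UIDL_MAX 70  /* RFC 1939: a unique-id is 1 to 70 characters */

/* Hypothetical per-message record; not Mozilla's structure. */
struct msg_info { long size; char uidl[UIDL_MAX + 1]; };

/* Parse an unsigned decimal field from untrusted server text.
 * Rejects signs, leading whitespace, non-digits and overflow. */
static int parse_num(const char *s, char **end, long *out) {
    if (*s < '0' || *s > '9') return -1;
    errno = 0;
    *out = strtol(s, end, 10);
    return (errno != 0) ? -1 : 0;
}

/* Apply one "msgnum size" line of a LIST response to table[0..count-1].
 * Returns 0 on success, -1 if the line is malformed or out of range. */
int apply_list_line(const char *line, struct msg_info *table, long count) {
    char *end;
    long num, size;
    if (parse_num(line, &end, &num) != 0 || *end != ' ') return -1;
    if (num < 1 || num > count) return -1;       /* index chosen by server */
    if (parse_num(end + 1, &end, &size) != 0) return -1;
    if (*end != '\0' && *end != ' ') return -1;  /* extensions may follow */
    table[num - 1].size = size;
    return 0;
}

/* Apply one "msgnum unique-id" line of a UIDL response. */
int apply_uidl_line(const char *line, struct msg_info *table, long count) {
    char *end;
    long num;
    size_t len;
    if (parse_num(line, &end, &num) != 0 || *end != ' ') return -1;
    if (num < 1 || num > count) return -1;
    len = strlen(end + 1);
    if (len < 1 || len > UIDL_MAX) return -1;    /* must fit uidl[] with NUL */
    memcpy(table[num - 1].uidl, end + 1, len + 1);
    return 0;
}
```

Here `count` is the size of the table the client allocated from the earlier STAT reply; a line that fails either check should be treated as a protocol error rather than skipped silently.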
This vulnerability was reported by Gael Delalleau.
| Date First Published: | 2004-09-17 |
| Date Last Updated: | 2004-09-17 18:07 UTC |