Intrusion Prevention

BMP.File.Width.Height.Buffer.Overflow

Description

This indicates an attempt to exploit a buffer overflow vulnerability in Mozilla.


A buffer overflow vulnerability has been reported in the bitmap decoder of certain versions of the Mozilla browser. The affected decoder is invoked whenever the application displays a .bmp image. Because the decoder places no limit on the width or height of the image, a malformed image can cause a buffer overflow condition in the application.
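The missing check can be pictured with a header validator that bounds the width and height before any pixel buffer is sized. This is an added example, not Mozilla's decoder code or the signature's logic; the function names and both limits (`BMP_MAX_DIM`, `BMP_MAX_BYTES`) are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed policy limits for this example; neither value comes from the page. */
#define BMP_MAX_DIM   16384
#define BMP_MAX_BYTES (64ull * 1024 * 1024)

static uint32_t le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate the width/height of a BITMAPINFOHEADER-style BMP before any buffer is
 * allocated, using 64-bit math. Returns 0 and the pixel-array size, or a reject code. */
int bmp_checked_size(const uint8_t *b, size_t len, size_t *out) {
    if (len < 54 || b[0] != 'B' || b[1] != 'M') return -1;   /* truncated / not BMP */
    int64_t w = le32(b + 18), h = le32(b + 22);     /* biWidth, biHeight (signed) */
    if (w > INT32_MAX) w -= 4294967296LL;           /* reinterpret as signed 32-bit */
    if (h > INT32_MAX) h -= 4294967296LL;
    unsigned bpp = b[28] | (unsigned)b[29] << 8;             /* biBitCount */
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32)
        return -2;
    if (h < 0) h = -h;                    /* negative height means top-down rows */
    if (w <= 0 || h == 0) return -3;
    if (w > BMP_MAX_DIM || h > BMP_MAX_DIM) return -4;       /* the missing limit */
    uint64_t row = (((uint64_t)w * bpp + 31) / 32) * 4;      /* rows pad to 4 bytes */
    uint64_t total = row * (uint64_t)h;
    if (total > BMP_MAX_BYTES) return -5;
    *out = (size_t)total;
    return 0;
}

/* Constructed sample input: a 54-byte header with only the checked fields set. */
void make_header(uint8_t out[54], int32_t w, int32_t h, uint16_t bpp) {
    uint32_t uw = (uint32_t)w, uh = (uint32_t)h;
    memset(out, 0, 54);
    out[0] = 'B'; out[1] = 'M'; out[14] = 40;                /* biSize = 40 */
    for (int i = 0; i < 4; i++) {
        out[18 + i] = (uint8_t)(uw >> (8 * i));
        out[22 + i] = (uint8_t)(uh >> (8 * i));
    }
    out[28] = (uint8_t)bpp; out[29] = (uint8_t)(bpp >> 8);
}

int main(void) {
    uint8_t hdr[54]; size_t n = 0;
    make_header(hdr, 0x7fffffff, 0x7fffffff, 32);            /* oversized image */
    return bmp_checked_size(hdr, sizeof hdr, &n) == -4 ? 0 : 1;
}
```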

Affected Products

Unprotected installations of Mozilla Firefox 0.9.3 and prior, Mozilla 1.7.2 and prior, and Mozilla Thunderbird 0.7.3 and prior are vulnerable.

Impact

A remote attacker who successfully exploits this vulnerability can execute arbitrary code on the target system.

Recommended Actions

Apply appropriate patches or upgrade the software to the latest non-vulnerable version.

CVE References

CVE-2004-0904