CVE-2005-0255 in Firefoxinfo

Summary

String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

02/09/2005

Disclosure

05/02/2005

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
1261	Mozilla Firefox Download Content-Disposition denial of service		Not defined	Official fix	CVE-2005-0255
1259	Mozilla Firefox SSL View memory corruption	119	Not defined	Official fix	CVE-2005-0255
1258	Mozilla Firefox URF8 to Unicode Converter memory corruption	119	Not defined	Official fix	CVE-2005-0255
1257	Mozilla Firefox Installation Username denial of service		Not defined	Official fix	CVE-2005-0255
1254	Mozilla Firefox Form AutoComplete information disclosure		Not defined	Official fix	CVE-2005-0255
1253	Mozilla Firefox XLS Include/Import denial of service		Not defined	Official fix	CVE-2005-0255
1252	Mozilla Firefox .lnk File Remote Code Execution		Not defined	Official fix	CVE-2005-0255
1251	Mozilla Firefox Other Tab .htaccess denial of service		Not defined	Official fix	CVE-2005-0255

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!