Launchpad CVE tracker

CVE 2005-2701

Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.

Related bugs and status

CVE-2005-2701 (Candidate) is related to these bugs:

Bug #21268: epiphany-browser: Susceptible to mozilla-firefox "Host:" buffer overflow?

Summary				In	Importance	Status
	21268	epiphany-browser: Susceptible to mozilla-firefox "Host:" buffer overflow?		epiphany-browser (Ubuntu)	High	Invalid
	21268	epiphany-browser: Susceptible to mozilla-firefox "Host:" buffer overflow?		epiphany-browser (Debian)	Unknown	Fix Released

Bug #21308: security issue revealed: CAN-2005-2871

Summary				In	Importance	Status
	21308	security issue revealed: CAN-2005-2871		mozilla (Ubuntu)	High	Fix Released
	21308	security issue revealed: CAN-2005-2871		mozilla (Debian)	Unknown	Fix Released

Bug #22260: shell command execution

Summary				In	Importance	Status
	22260	shell command execution		mozilla-thunderbird (Ubuntu)	High	Fix Released
	22260	shell command execution		mozilla-thunderbird (Debian)	Unknown	Fix Released

Bug #22261: mozilla-thunderbird --compose executes shell commands

Summary				In	Importance	Status
	22261	mozilla-thunderbird --compose executes shell commands		mozilla-thunderbird (Ubuntu)	High	Invalid
	22261	mozilla-thunderbird --compose executes shell commands		mozilla-thunderbird (Debian)	Unknown	Fix Released

Bug #22324: mozilla: Multiple security issues fixed in 1.7.12

Summary				In	Importance	Status
	22324	mozilla: Multiple security issues fixed in 1.7.12		mozilla (Ubuntu)	High	Fix Released
	22324	mozilla: Multiple security issues fixed in 1.7.12		mozilla (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2005-2701

References