CVE 2005-2701
Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.
Related bugs and status
CVE-2005-2701 (Candidate) is related to these bugs:
Bug #21268: epiphany-browser: Susceptible to mozilla-firefox "Host:" buffer overflow?
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
21268 | epiphany-browser: Susceptible to mozilla-firefox "Host:" buffer overflow? | epiphany-browser (Ubuntu) | High | Invalid | ||
21268 | epiphany-browser: Susceptible to mozilla-firefox "Host:" buffer overflow? | epiphany-browser (Debian) | Unknown | Fix Released |
Bug #21308: security issue revealed: CAN-2005-2871
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
21308 | security issue revealed: CAN-2005-2871 | mozilla (Ubuntu) | High | Fix Released | ||
21308 | security issue revealed: CAN-2005-2871 | mozilla (Debian) | Unknown | Fix Released |
Bug #22260: shell command execution
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
22260 | shell command execution | mozilla-thunderbird (Ubuntu) | High | Fix Released | ||
22260 | shell command execution | mozilla-thunderbird (Debian) | Unknown | Fix Released |
Bug #22261: mozilla-thunderbird --compose executes shell commands
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
22261 | mozilla-thunderbird --compose executes shell commands | mozilla-thunderbird (Ubuntu) | High | Invalid | ||
22261 | mozilla-thunderbird --compose executes shell commands | mozilla-thunderbird (Debian) | Unknown | Fix Released |
Bug #22324: mozilla: Multiple security issues fixed in 1.7.12
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
22324 | mozilla: Multiple security issues fixed in 1.7.12 | mozilla (Ubuntu) | High | Fix Released | ||
22324 | mozilla: Multiple security issues fixed in 1.7.12 | mozilla (Debian) | Unknown | Fix Released |
See the
CVE page on Mitre.org
for more details.