CVE-2004-0904

CVE Database · CVE-2004-0904

CVE-2004-0904

· N/AModified

CVSS v3.1

N/A

EPSS

8.01%

Published

Dec 31, 2004

Modified

Apr 15, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.

Affected Products (38)

mozilla · firefoxvulnerable

mozilla · mozillavulnerable

· thunderbird

References (20)

http://bugzilla.mozilla.org/show_bug.cgi?id=255067

Vendor Advisory

http://marc.info/?l=bugtraq&m=109698896104418&w=2

http://marc.info/?l=bugtraq&m=109900315219363&w=2

http://security.gentoo.org/glsa/glsa-200409-26.xml

http://www.kb.cert.org/vuls/id/847200

Third Party AdvisoryUS Government Resource

http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3

http://www.novell.com/linux/security/advisories/2004_36_mozilla.html

http://www.securityfocus.com/bid/11171

Vendor Advisory

http://www.us-cert.gov/cas/techalerts/TA04-261A.html

KEV Catalog EPSS Scores Vendors All CVEs