LiveActive security incident?Get immediate response
CVE archive

September 2004

Browse CVE records published in September 2004, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 162 matching CVEs · Page 1 of 4.

Unknown · CVSS Not scored

CVE-2004-0909: Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remo...

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages.

Published Sep 24, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-0902: Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, a...

Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.

Published Sep 24, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-0903: Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Pre...

Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.

Published Sep 24, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-0830: The Content Scanner Server in F-Secure Anti-Virus for Microsoft Exchange 6.21 and earlier, F-Secure Anti-Vi...

The Content Scanner Server in F-Secure Anti-Virus for Microsoft Exchange 6.21 and earlier, F-Secure Anti-Virus for Microsoft Exchange 6.01 and earlier, and F-Secure Internet Gatekeeper 6.32 and earlier allow remote attackers to cause a denial of service (service crash due to unhandled exception) via a certain malformed packet.

Published Sep 24, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-0842: Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a deni...

Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."

Published Sep 14, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-0782: Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and ea...

Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).

Published Sep 17, 2004 · Updated Aug 8, 2024