Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
bugzilla.mozilla.org/show_bug.cgi?id=255067
marc.info/?l=bugtraq&m=109698896104418&w=2
marc.info/?l=bugtraq&m=109900315219363&w=2
security.gentoo.org/glsa/glsa-200409-26.xml
www.kb.cert.org/vuls/id/847200
www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
www.novell.com/linux/security/advisories/2004_36_mozilla.html
www.securityfocus.com/bid/11171
www.us-cert.gov/cas/techalerts/TA04-261A.html
exchange.xforce.ibmcloud.com/vulnerabilities/17381
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952