关于 CVE-2005-0255 的漏洞信息

1. 漏洞描述
From NVD
String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.
From 神龙GPT (AIGC)
在Mozilla 1.7.3、Firefox 1.0 和 thunderbird 1.0.2 之前,例如 nsTSubstring_CharT::Replace 函数,字符串处理函数未能正确检查其他 resize 字符串 函数的返回值,这允许远程攻击者通过强制一个内存不足的状态,导致内存分配失败,并返回一个固定地址的指针,这会导致堆损坏。
2. 漏洞评分(CVSS)
From NVD
NVD 暂无评分
From 神龙GPT (AIGC)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3. 漏洞类别
From NVD
NVD 暂无漏洞类别信息
From 神龙GPT (AIGC)
神龙GPT 暂无漏洞类别信息(请耐心等待)
Reference