CVE-2004-0903

Mozilla Firefox Mozilla and Thunderbird - Stack-based Buffer Overflow via Malformed VCard Attachment

Title source: llm
STIX 2.1

Description

Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.

References (11)

Core 11
Core References
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17380
Mailing List vendor-advisory x_refsource_fedora
http://marc.info/?l=bugtraq&m=109900315219363&w=2
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/414240
Vendor Advisory x_refsource_confirm
http://bugzilla.mozilla.org/show_bug.cgi?id=257314
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200409-26.xml
Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/11174
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA04-261A.html
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=109698896104418&w=2

Scores

EPSS 0.1883
EPSS Percentile 95.4%

Details

Status published
Products (22)
conectiva/linux 9.0
conectiva/linux 10.0
mozilla/mozilla 1.7
mozilla/mozilla 1.7.1
mozilla/mozilla 1.7.2
mozilla/thunderbird 0.7
mozilla/thunderbird 0.7.1
mozilla/thunderbird 0.7.2
mozilla/thunderbird 0.7.3
redhat/enterprise_linux 2.1 (6 CPE variants)
... and 12 more
Published Jan 27, 2005
Tracked Since Feb 18, 2026