Vulnerability Description
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Mozilla | 1.7 |
| Mozilla | Thunderbird | 0.7 |
| Conectiva | Linux | 9.0 |
| Redhat | Enterprise Linux | 2.1 |
| Redhat | Enterprise Linux Desktop | 3.0 |
| Redhat | Fedora Core | core_1.0 |
| Redhat | Linux | 7.3 |
| Redhat | Linux Advanced Workstation | 2.1 |
| Suse | Suse Linux | 1.0 |
References
- http://bugzilla.mozilla.org/show_bug.cgi?id=257314Vendor Advisory
- http://marc.info/?l=bugtraq&m=109698896104418&w=2
- http://marc.info/?l=bugtraq&m=109900315219363&w=2
- http://security.gentoo.org/glsa/glsa-200409-26.xml
- http://www.kb.cert.org/vuls/id/414240Third Party AdvisoryUS Government Resource
- http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
- http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
- http://www.securityfocus.com/bid/11174Vendor Advisory
- http://www.us-cert.gov/cas/techalerts/TA04-261A.htmlUS Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17380
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://bugzilla.mozilla.org/show_bug.cgi?id=257314Vendor Advisory
- http://marc.info/?l=bugtraq&m=109698896104418&w=2
- http://marc.info/?l=bugtraq&m=109900315219363&w=2
- http://security.gentoo.org/glsa/glsa-200409-26.xml
FAQ
What is CVE-2004-0903?
CVE-2004-0903 is a vulnerability with a CVSS score of 10.0 (HIGH). Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to exe...
How severe is CVE-2004-0903?
CVE-2004-0903 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0903?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Mozilla, Mozilla Thunderbird, Conectiva Linux, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop.