CVE-2004-0903
NONE EPSS 94.9%
Published Jan 27, 200521y ago · Modified Jun 16, 20262w ago
Published Jan 27, 2005 21y ago
Last Modified Jun 16, 2026 2w ago
Description
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
Threat Intelligence
EPSS Exploit Probability
94.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Affected Products 34
| Vendor | Product | Version | Range |
|---|---|---|---|
| mozilla | mozilla | 1.7 | any |
| mozilla | mozilla | 1.7.1 | any |
| mozilla | mozilla | 1.7.2 | any |
| mozilla | thunderbird | 0.7 | any |
| mozilla | thunderbird | 0.7.1 | any |
| mozilla | thunderbird | 0.7.2 | any |
| mozilla | thunderbird | 0.7.3 | any |
| conectiva | linux | 9.0 | any |
| conectiva | linux | 10.0 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 3.0 | any |
| redhat | enterprise_linux | 3.0 | any |
| redhat | enterprise_linux | 3.0 | any |
| redhat | enterprise_linux_desktop | 3.0 | any |
| redhat | fedora_core | core_1.0 | any |
| redhat | linux | 7.3 | any |
| redhat | linux | 7.3 | any |
| redhat | linux | 7.3 | any |
| redhat | linux | 9.0 | any |
| redhat | linux_advanced_workstation | 2.1 | any |
| redhat | linux_advanced_workstation | 2.1 | any |
| suse | suse_linux | 1.0 | any |
| suse | suse_linux | 8 | any |
| suse | suse_linux | 8.1 | any |
| suse | suse_linux | 8.2 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.1 | any |
References 11
- bugzilla.mozilla.org http://bugzilla.mozilla.org/show_bug.cgi?id=257314
- marc.info http://marc.info/?l=bugtraq&m=109698896104418&w=2
- marc.info http://marc.info/?l=bugtraq&m=109900315219363&w=2
- security.gentoo.org http://security.gentoo.org/glsa/glsa-200409-26.xml
- kb.cert.org http://www.kb.cert.org/vuls/id/414240
- mozilla.org http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
- novell.com http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
- securityfocus.com http://www.securityfocus.com/bid/11174
- us-cert.gov http://www.us-cert.gov/cas/techalerts/TA04-261A.html
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/17380
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.