CVE-2004-0903

NONE EPSS 94.9%
Published Jan 27, 200521y ago · Modified Jun 16, 20262w ago
Find Similar
Published Jan 27, 2005 21y ago
Last Modified Jun 16, 2026 2w ago

Description

Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.

Threat Intelligence

EPSS Exploit Probability
94.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Affected Products 34

VendorProductVersionRange
mozillamozilla1.7any
mozillamozilla1.7.1any
mozillamozilla1.7.2any
mozillathunderbird0.7any
mozillathunderbird0.7.1any
mozillathunderbird0.7.2any
mozillathunderbird0.7.3any
conectivalinux9.0any
conectivalinux10.0any
redhatenterprise_linux2.1any
redhatenterprise_linux2.1any
redhatenterprise_linux2.1any
redhatenterprise_linux2.1any
redhatenterprise_linux2.1any
redhatenterprise_linux2.1any
redhatenterprise_linux3.0any
redhatenterprise_linux3.0any
redhatenterprise_linux3.0any
redhatenterprise_linux_desktop3.0any
redhatfedora_corecore_1.0any
redhatlinux7.3any
redhatlinux7.3any
redhatlinux7.3any
redhatlinux9.0any
redhatlinux_advanced_workstation2.1any
redhatlinux_advanced_workstation2.1any
susesuse_linux1.0any
susesuse_linux8any
susesuse_linux8.1any
susesuse_linux8.2any
susesuse_linux9.0any
susesuse_linux9.0any
susesuse_linux9.0any
susesuse_linux9.1any

References 11

  • bugzilla.mozilla.org http://bugzilla.mozilla.org/show_bug.cgi?id=257314
    Vendor Advisory
  • marc.info http://marc.info/?l=bugtraq&m=109698896104418&w=2
  • marc.info http://marc.info/?l=bugtraq&m=109900315219363&w=2
  • security.gentoo.org http://security.gentoo.org/glsa/glsa-200409-26.xml
  • kb.cert.org http://www.kb.cert.org/vuls/id/414240
    Third Party AdvisoryUS Government Resource
  • mozilla.org http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
  • novell.com http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
  • securityfocus.com http://www.securityfocus.com/bid/11174
    Vendor Advisory
  • us-cert.gov http://www.us-cert.gov/cas/techalerts/TA04-261A.html
    US Government Resource
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/17380
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.