CVE-2004-0903

Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.

Published: Jan 27, 2005
Updated: Apr 13, 2023
CVE: CVE-2004-0903
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mozilla / thunderbird	0.7.2	0.7.2.x
conectiva / linux	9.0	9.0.x
mozilla / mozilla	1.7	1.7.x
mozilla / mozilla	1.7.1	1.7.1.x
mozilla / thunderbird	0.7.3	0.7.3.x
mozilla / thunderbird	0.7	0.7.x
conectiva / linux	10.0	10.0.x
mozilla / mozilla	1.7.2	1.7.2.x
mozilla / thunderbird	0.7.1	0.7.1.x
suse / suse_linux	9.0	9.0.x
redhat / enterprise_linux	2.1	2.1.x
redhat / linux	7.3	7.3.x
redhat / enterprise_linux_desktop	3.0	3.0.x
redhat / linux_advanced_workstation	2.1	2.1.x
suse / suse_linux	8.2	8.2.x
redhat / enterprise_linux	3.0	3.0.x
suse / suse_linux	8	8.x
suse / suse_linux	1.0	1.0.x
redhat / fedora_core	core_1.0	core_1.0.x
redhat / linux	9.0	9.0.x
suse / suse_linux	9.1	9.1.x
suse / suse_linux	8.1	8.1.x

Vulnerability Database

289,599

CVE-2004-0903