CVE-2004-0903

5 documents5 sources
Severity
10.0CRITICAL
EPSS
18.8%
top 4.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Conectiva LinuxMozilla MozillaMozilla Thunderbird+6 more
Timeline
PublishedJan 27
Latest updateApr 29

Description

Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages8 packages

NVDmozilla/thunderbird4 versions+3
NVDmozilla/mozilla1.7, 1.7.1, 1.7.2+2
NVDredhat/linux7.3, 9.0+1
NVDconectiva/linux10.0, 9.0+1
NVDsuse/suse_linux6 versions+5

Also affects: Enterprise Linux 2.1, 3.0

🔴Vulnerability Details

2
GHSA
GHSA-q3j6-xfjj-26q5: Stack-based buffer overflow in the writeGroup function in nsVCardObj2022-04-29
CVEList
CVE-2004-0903: Stack-based buffer overflow in the writeGroup function in nsVCardObj2004-09-24

📋Vendor Advisories

1
Red Hat
security flaw2004-08-29

💬Community

1
Bugzilla
CVE-2004-0903 security flaw2018-08-16
CVE-2004-0903 (CRITICAL CVSS 10) | Stack-based buffer overflow in the | cvebase.io