Lucene search

MitreCVE-2004-0903

HistoryJan 27, 2005 - 5:00 a.m.

CVE-2004-0903

2005-01-2705:00:00

mitre

web.nvd.nist.gov

cve

2004

0903

stack-based buffer overflow

nsvcardobj.cpp

mozilla firefox

thunderbird

remote code execution

vcard attachments

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.116

Percentile

95.3%

JSON

Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.

Affected configurations

Nvd

Node

mozillamozillaMatch1.7

mozillamozillaMatch1.7.1

mozillamozillaMatch1.7.2

mozillathunderbirdMatch0.7

mozillathunderbirdMatch0.7.1

mozillathunderbirdMatch0.7.2

mozillathunderbirdMatch0.7.3

conectivalinuxMatch9.0

conectivalinuxMatch10.0

Node

redhatenterprise_linuxMatch2.1advanced_server

redhatenterprise_linuxMatch2.1advanced_server_ia64

redhatenterprise_linuxMatch2.1enterprise_server

redhatenterprise_linuxMatch2.1enterprise_server_ia64

redhatenterprise_linuxMatch2.1workstation

redhatenterprise_linuxMatch2.1workstation_ia64

redhatenterprise_linuxMatch3.0advanced_server

redhatenterprise_linuxMatch3.0enterprise_server

redhatenterprise_linuxMatch3.0workstation_server

redhatenterprise_linux_desktopMatch3.0

redhatfedora_coreMatchcore_1.0

redhatlinuxMatch7.3

redhatlinuxMatch7.3i386

redhatlinuxMatch7.3i686

redhatlinuxMatch9.0i386

redhatlinux_advanced_workstationMatch2.1ia64

redhatlinux_advanced_workstationMatch2.1itanium_processor

susesuse_linuxMatch1.0desktop

susesuse_linuxMatch8enterprise_server

susesuse_linuxMatch8.1

susesuse_linuxMatch8.2

susesuse_linuxMatch9.0

susesuse_linuxMatch9.0enterprise_server

susesuse_linuxMatch9.0x86_64

susesuse_linuxMatch9.1

VendorProductVersionCPE
mozillamozilla1.7cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*
mozillamozilla1.7.1cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*
mozillamozilla1.7.2cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*
mozillathunderbird0.7cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*
mozillathunderbird0.7.1cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*
mozillathunderbird0.7.2cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*
mozillathunderbird0.7.3cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*
conectivalinux9.0cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*
conectivalinux10.0cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*
redhatenterprise_linux2.1cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	mozilla	1.7	cpe:2.3:a:mozilla:mozilla:1.7:::::::*
mozilla	mozilla	1.7.1	cpe:2.3:a:mozilla:mozilla:1.7.1:::::::*
mozilla	mozilla	1.7.2	cpe:2.3:a:mozilla:mozilla:1.7.2:::::::*
mozilla	thunderbird	0.7	cpe:2.3:a:mozilla:thunderbird:0.7:::::::*
mozilla	thunderbird	0.7.1	cpe:2.3:a:mozilla:thunderbird:0.7.1:::::::*
mozilla	thunderbird	0.7.2	cpe:2.3:a:mozilla:thunderbird:0.7.2:::::::*
mozilla	thunderbird	0.7.3	cpe:2.3:a:mozilla:thunderbird:0.7.3:::::::*
conectiva	linux	9.0	cpe:2.3:o:conectiva:linux:9.0:::::::*
conectiva	linux	10.0	cpe:2.3:o:conectiva:linux:10.0:::::::*
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server:::::