CVE-2004-0903

Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*
cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.3:*:i686:*:*:*:*:*
cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*
cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*

History

20 Nov 2024, 23:49

Type Values Removed Values Added
References () http://bugzilla.mozilla.org/show_bug.cgi?id=257314 - Vendor Advisory () http://bugzilla.mozilla.org/show_bug.cgi?id=257314 - Vendor Advisory
References () http://marc.info/?l=bugtraq&m=109698896104418&w=2 - () http://marc.info/?l=bugtraq&m=109698896104418&w=2 -
References () http://marc.info/?l=bugtraq&m=109900315219363&w=2 - () http://marc.info/?l=bugtraq&m=109900315219363&w=2 -
References () http://security.gentoo.org/glsa/glsa-200409-26.xml - () http://security.gentoo.org/glsa/glsa-200409-26.xml -
References () http://www.kb.cert.org/vuls/id/414240 - Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/414240 - Third Party Advisory, US Government Resource
References () http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 - () http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 -
References () http://www.novell.com/linux/security/advisories/2004_36_mozilla.html - () http://www.novell.com/linux/security/advisories/2004_36_mozilla.html -
References () http://www.securityfocus.com/bid/11174 - Vendor Advisory () http://www.securityfocus.com/bid/11174 - Vendor Advisory
References () http://www.us-cert.gov/cas/techalerts/TA04-261A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA04-261A.html - US Government Resource
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/17380 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/17380 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873 -

Information

Published : 2005-01-27 05:00

Updated : 2024-11-20 23:49


NVD link : CVE-2004-0903

Mitre link : CVE-2004-0903

CVE.ORG link : CVE-2004-0903


JSON object : View

Products Affected

conectiva

  • linux

redhat

  • linux
  • linux_advanced_workstation
  • fedora_core
  • enterprise_linux
  • enterprise_linux_desktop

mozilla

  • thunderbird
  • mozilla

suse

  • suse_linux