ID CVE-2004-0903
Summary Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*
    cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:7.3:*:i686:*:*:*:*:*
    cpe:2.3:o:redhat:linux:7.3:*:i686:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*
    cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*
  • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
    cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
  • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*
    cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:09:32.576-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
description Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
family unix
id oval:org.mitre.oval:def:10873
status accepted
submitted 2010-07-09T03:56:16-04:00
title Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
version 29
refmap via4
bid 11174
cert TA04-261A
cert-vn VU#414240
confirm
fedora FLSA:2089
gentoo GLSA-200409-26
hp SSRT4826
suse SUSE-SA:2004:036
xf mozilla-netscape-nsvcardobj-bo(17380)
Last major update 11-10-2017 - 01:29
Published 27-01-2005 - 05:00
Last modified 11-10-2017 - 01:29
Back to Top