10

CVE-2004-0903

EPSS 18.83%
Published 27.01.2005 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.

Affected products Warnungen 0 Metrics 2 CWE 0 References 14

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Mozilla Version1.7

Mozilla ≫ Mozilla Version1.7.1

Mozilla ≫ Mozilla Version1.7.2

Mozilla ≫ Thunderbird Version0.7

Mozilla ≫ Thunderbird Version0.7.1

Mozilla ≫ Thunderbird Version0.7.2

Mozilla ≫ Thunderbird Version0.7.3

Conectiva ≫ Linux Version9.0

Conectiva ≫ Linux Version10.0

Redhat ≫ Enterprise Linux Version2.1 Editionadvanced_server

Redhat ≫ Enterprise Linux Version2.1 Editionadvanced_server_ia64

Redhat ≫ Enterprise Linux Version2.1 Editionenterprise_server

Redhat ≫ Enterprise Linux Version2.1 Editionenterprise_server_ia64

Redhat ≫ Enterprise Linux Version2.1 Editionworkstation

Redhat ≫ Enterprise Linux Version2.1 Editionworkstation_ia64

Redhat ≫ Enterprise Linux Version3.0 Editionadvanced_server

Redhat ≫ Enterprise Linux Version3.0 Editionenterprise_server

Redhat ≫ Enterprise Linux Version3.0 Editionworkstation_server

Redhat ≫ Enterprise Linux Desktop Version3.0

Redhat ≫ Fedora Core Versioncore_1.0

Redhat ≫ Linux Version7.3

Redhat ≫ Linux Version7.3 Editioni386

Redhat ≫ Linux Version7.3 Editioni686

Redhat ≫ Linux Version9.0 Editioni386

Redhat ≫ Linux Advanced Workstation Version2.1 Editionia64

Redhat ≫ Linux Advanced Workstation Version2.1 Editionitanium_processor

Suse ≫ Suse Linux Version1.0 Editiondesktop

Suse ≫ Suse Linux Version8 Editionenterprise_server

Suse ≫ Suse Linux Version8.1

Suse ≫ Suse Linux Version8.2

Suse ≫ Suse Linux Version9.0

Suse ≫ Suse Linux Version9.0 Editionenterprise_server

Suse ≫ Suse Linux Version9.0 Editionx86_64

Suse ≫ Suse Linux Version9.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	18.83%	0.947

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

http://marc.info/?l=bugtraq&m=109900315219363&w=2

http://www.novell.com/linux/security/advisories/2004_36_mozilla.html

http://marc.info/?l=bugtraq&m=109698896104418&w=2

http://security.gentoo.org/glsa/glsa-200409-26.xml

http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3

http://www.us-cert.gov/cas/techalerts/TA04-261A.html

US Government Resource

http://bugzilla.mozilla.org/show_bug.cgi?id=257314

Vendor Advisory

http://www.kb.cert.org/vuls/id/414240

Third Party Advisory

US Government Resource

http://www.securityfocus.com/bid/11174

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/17380

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873

https://nvd.nist.gov/vuln/detail/CVE-2004-0903

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-0903

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-0903

EUVD