10

CVE-2004-0903

Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaMozilla Version1.7
MozillaMozilla Version1.7.1
MozillaMozilla Version1.7.2
MozillaThunderbird Version0.7
MozillaThunderbird Version0.7.1
MozillaThunderbird Version0.7.2
MozillaThunderbird Version0.7.3
ConectivaLinux Version9.0
ConectivaLinux Version10.0
RedhatEnterprise Linux Version2.1 Editionadvanced_server
RedhatEnterprise Linux Version2.1 Editionadvanced_server_ia64
RedhatEnterprise Linux Version2.1 Editionenterprise_server
RedhatEnterprise Linux Version2.1 Editionenterprise_server_ia64
RedhatEnterprise Linux Version2.1 Editionworkstation
RedhatEnterprise Linux Version2.1 Editionworkstation_ia64
RedhatEnterprise Linux Version3.0 Editionadvanced_server
RedhatEnterprise Linux Version3.0 Editionenterprise_server
RedhatEnterprise Linux Version3.0 Editionworkstation_server
RedhatFedora Core Versioncore_1.0
RedhatLinux Version7.3
RedhatLinux Version7.3 Editioni386
RedhatLinux Version7.3 Editioni686
RedhatLinux Version9.0 Editioni386
RedhatLinux Advanced Workstation Version2.1 Editionia64
RedhatLinux Advanced Workstation Version2.1 Editionitanium_processor
SuseSuse Linux Version1.0 Editiondesktop
SuseSuse Linux Version8 Editionenterprise_server
SuseSuse Linux Version8.1
SuseSuse Linux Version8.2
SuseSuse Linux Version9.0
SuseSuse Linux Version9.0 Editionenterprise_server
SuseSuse Linux Version9.0 Editionx86_64
SuseSuse Linux Version9.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.75% 0.949
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://marc.info/?l=bugtraq&m=109900315219363&w=2
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
http://marc.info/?l=bugtraq&m=109698896104418&w=2
http://security.gentoo.org/glsa/glsa-200409-26.xml
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
http://www.us-cert.gov/cas/techalerts/TA04-261A.html
US Government Resource
http://bugzilla.mozilla.org/show_bug.cgi?id=257314
Vendor Advisory
http://www.kb.cert.org/vuls/id/414240
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/11174
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17380
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873