CVE-2004-0903

2005-01-2705:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2004

0903

stack-based buffer overflow

nsvcardobj.cpp

mozilla firefox

thunderbird

remote code execution

vcard attachments

7.8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.116 Low

EPSS

Percentile

95.2%

JSON

Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.

CPENameOperatorVersion
mozilla:thunderbirdmozilla thunderbirdeq0.7.2
conectiva:linuxconectiva linuxeq9.0
mozilla:mozillamozillaeq1.7
mozilla:mozillamozillaeq1.7.1
mozilla:thunderbirdmozilla thunderbirdeq0.7.3
mozilla:thunderbirdmozilla thunderbirdeq0.7
conectiva:linuxconectiva linuxeq10.0
mozilla:mozillamozillaeq1.7.2
mozilla:thunderbirdmozilla thunderbirdeq0.7.1
suse:suse_linuxsuse suse linuxeq9.0

CPE	Name	Operator	Version
mozilla:thunderbird	mozilla thunderbird	eq	0.7.2
conectiva:linux	conectiva linux	eq	9.0
mozilla:mozilla	mozilla	eq	1.7
mozilla:mozilla	mozilla	eq	1.7.1
mozilla:thunderbird	mozilla thunderbird	eq	0.7.3
mozilla:thunderbird	mozilla thunderbird	eq	0.7
conectiva:linux	conectiva linux	eq	10.0
mozilla:mozilla	mozilla	eq	1.7.2
mozilla:thunderbird	mozilla thunderbird	eq	0.7.1
suse:suse_linux	suse suse linux	eq	9.0