ID CVE-2004-0903 Type cve Reporter NVD Modified 2017-10-10T21:29:37
Description
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
{"result": {"nessus": [{"id": "FREEBSD_PKG_DA690355115911D9BC4A000C41E2CDAD.NASL", "type": "nessus", "title": "FreeBSD : mozilla -- vCard stack buffer overflow (da690355-1159-11d9-bc4a-000c41e2cdad)", "description": "Georgi Guninski discovered a stack-based buffer overflow which may be triggered when viewing email messages with vCard attachments.", "published": "2005-07-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=19141", "cvelist": ["CVE-2004-0903"], "lastseen": "2017-10-29T13:33:32"}, {"id": "THUNDERBIRD_MULTIPLE_FLAWS.NASL", "type": "nessus", "title": "Mozilla < 1.7.3 / Thunderbird < 0.8 Multiple Vulnerabilities", "description": "The remote host is using Mozilla and/or Thunderbird, an alternative mail user agent.\n\nThe remote version of this software is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host.\n\nTo exploit these flaws, an attacker would need to send a rogue email to a victim on the remote host.", "published": "2004-09-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=14729", "cvelist": ["CVE-2004-0903", "CVE-2004-0902", "CVE-2004-0904"], "lastseen": "2017-10-29T13:45:43"}, {"id": "REDHAT-RHSA-2004-486.NASL", "type": "nessus", "title": "RHEL 2.1 / 3 : mozilla (RHSA-2004:486)", "description": "Updated mozilla packages that fix a number of security issues are now available.\n\nMozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.\n\nJesse Ruderman discovered a cross-domain scripting bug in Mozilla. If a user is tricked into dragging a JavaScript link into another frame or page, it becomes possible for an attacker to steal or modify sensitive information from that site. Additionally, if a user is tricked into dragging two links in sequence to another window (not frame), it is possible for the attacker to execute arbitrary commands.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0905 to this issue.\n\nGael Delalleau discovered an integer overflow which affects the BMP handling code inside Mozilla. An attacker could create a carefully crafted BMP file in such a way that it would cause Mozilla to crash or execute arbitrary code when the image is viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0904 to this issue.\n\nGeorgi Guninski discovered a stack-based buffer overflow in the vCard display routines. An attacker could create a carefully crafted vCard file in such a way that it would cause Mozilla to crash or execute arbitrary code when viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0903 to this issue.\n\nWladimir Palant discovered a flaw in the way JavaScript interacts with the clipboard. It is possible that an attacker could use malicious JavaScript code to steal sensitive data which has been copied into the clipboard. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0908 to this issue.\n\nGeorgi Guninski discovered a heap based buffer overflow in the 'Send Page' feature. It is possible that an attacker could construct a link in such a way that a user attempting to forward it could result in a crash or arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0902 to this issue.\n\nUsers of Mozilla should update to these updated packages, which contain backported patches and are not vulnerable to these issues.", "published": "2004-10-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=15409", "cvelist": ["CVE-2004-0905", "CVE-2004-0903", "CVE-2004-0908", "CVE-2004-0902", "CVE-2004-0904"], "lastseen": "2017-10-29T13:39:28"}, {"id": "GENTOO_GLSA-200409-26.NASL", "type": "nessus", "title": "GLSA-200409-26 : Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-200409-26 (Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities)\n\n Mozilla-based products are vulnerable to multiple security issues.\n Firstly, routines handling the display of BMP images and VCards contain an integer overflow and a stack buffer overrun. Specific pages with long links, when sent using the 'Send Page' function, and links with non-ASCII hostnames could both cause heap buffer overruns.\n Several issues were found and fixed in JavaScript rights handling:\n untrusted script code could read and write to the clipboard, signed scripts could build confusing grant privileges dialog boxes, and when dragged onto trusted frames or windows, JavaScript links could access information and rights of the target frame or window. Finally, Mozilla-based mail clients (Mozilla and Mozilla Thunderbird) are vulnerable to a heap overflow caused by invalid POP3 mail server responses.\n Impact :\n\n An attacker might be able to run arbitrary code with the rights of the user running the software by enticing the user to perform one of the following actions: view a specially crafted BMP image or VCard, use the 'Send Page' function on a malicious page, follow links with malicious hostnames, drag multiple JavaScript links in a row to another window, or connect to an untrusted POP3 mail server. An attacker could also use a malicious page with JavaScript to disclose clipboard contents or abuse previously-given privileges to request XPI installation privileges through a confusing dialog.\n Workaround :\n\n There is no known workaround covering all vulnerabilities.", "published": "2004-09-21T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=14781", "cvelist": ["CVE-2004-0909", "CVE-2004-0906", "CVE-2004-0905", "CVE-2004-0903", "CVE-2004-0908", "CVE-2004-0902", "CVE-2004-0907", "CVE-2004-0904"], "lastseen": "2017-10-29T13:38:43"}, {"id": "MANDRAKE_MDKSA-2004-107.NASL", "type": "nessus", "title": "Mandrake Linux Security Advisory : mozilla (MDKSA-2004:107)", "description": "A number of vulnerabilities were fixed in mozilla 1.7.3, the following of which have been backported to mozilla packages for Mandrakelinux 10.0 :\n\n - 'Send page' heap overrun\n\n - JavaScript clipboard access\n\n - buffer overflow when displaying VCard\n\n - BMP integer overflow\n\n - javascript: link dragging\n\n - Malicious POP3 server III\n\nThe details of all of these vulnerabilities are available from the Mozilla website.", "published": "2004-10-20T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=15521", "cvelist": ["CVE-2004-0909", "CVE-2004-0906", "CVE-2004-0905", "CVE-2004-0903", "CVE-2004-0908", "CVE-2004-0902", "CVE-2004-0904"], "lastseen": "2017-10-29T13:32:53"}], "openvas": [{"id": "OPENVAS:52369", "type": "openvas", "title": "FreeBSD Ports: thunderbird", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=52369", "cvelist": ["CVE-2004-0903"], "lastseen": "2017-07-02T21:10:14"}, {"id": "OPENVAS:65278", "type": "openvas", "title": "SLES9: Security update for Mozilla", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-irc\n mozilla-venkman\n mozilla\n mozilla-calendar\n mozilla-mail\n mozilla-dom-inspector\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5012017 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65278", "cvelist": ["CVE-2004-0906", "CVE-2004-0905", "CVE-2004-0903", "CVE-2004-0908", "CVE-2004-0902", "CVE-2004-0904"], "lastseen": "2017-07-26T08:55:18"}, {"id": "OPENVAS:136141256231065278", "type": "openvas", "title": "SLES9: Security update for Mozilla", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-irc\n mozilla-venkman\n mozilla\n mozilla-calendar\n mozilla-mail\n mozilla-dom-inspector\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5012017 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065278", "cvelist": ["CVE-2004-0906", "CVE-2004-0905", "CVE-2004-0903", "CVE-2004-0908", "CVE-2004-0902", "CVE-2004-0904"], "lastseen": "2018-04-06T11:37:34"}, {"id": "OPENVAS:54682", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200409-26 (Mozilla)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200409-26.", "published": "2008-09-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=54682", "cvelist": ["CVE-2004-0909", "CVE-2004-0906", "CVE-2004-0905", "CVE-2004-0903", "CVE-2004-0908", "CVE-2004-0902", "CVE-2004-0907", "CVE-2004-0904"], "lastseen": "2017-07-24T12:49:44"}], "freebsd": [{"id": "DA690355-1159-11D9-BC4A-000C41E2CDAD", "type": "freebsd", "title": "mozilla -- vCard stack buffer overflow", "description": "\nGeorgi Guninski discovered a stack buffer overflow which\n\t may be triggered when viewing email messages with vCard\n\t attachments.\n", "published": "2004-09-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/da690355-1159-11d9-bc4a-000c41e2cdad.html", "cvelist": ["CVE-2004-0903"], "lastseen": "2016-09-26T17:25:20"}], "osvdb": [{"id": "OSVDB:9966", "type": "osvdb", "title": "Mozilla Multiple Product nsVCardObj.cpp writeGroup() Function Overflow", "description": "## Vulnerability Description\nA local overflow exists in Mozilla-based applications and Netscape Navigator. The writegroup() function of the nsVCardObj.cpp component fails to ensure parameters with group properties (eg, TEL.HOME) are an acceptable length, resulting in a stack-based overflow. With a specially crafted vCard, an attacker can cause a denial of service condition, and possibly code execution, resulting in a loss of availability and integrity.\n## Solution Description\nFor Mozilla.org products, upgrade to Mozilla 1.7.3, Firefox 1.0PR, Thunderbird 0.8 or higher, as these have been confirmed to fix this vulnerability. An upgrade is required as there are no known workarounds.\n\nFor Netscape products, there are currently no known upgrades or patches available to correct this issue. It is possible to mitigate the flaw by disabling the preview pane in Netscape Mail & News. This will help avoid automatic exploitation upon receiving a malicious vCard; however, it will not prevent exploitation if the malicious vCard is viewed via a Netscape product by some other method, such as opening the message normally.\n## Short Description\nA local overflow exists in Mozilla-based applications and Netscape Navigator. The writegroup() function of the nsVCardObj.cpp component fails to ensure parameters with group properties (eg, TEL.HOME) are an acceptable length, resulting in a stack-based overflow. With a specially crafted vCard, an attacker can cause a denial of service condition, and possibly code execution, resulting in a loss of availability and integrity.\n## References:\nVendor URL: http://www.mozilla.org/\n[Vendor Specific Advisory URL](http://bugzilla.mozilla.org/show_bug.cgi?id=257314)\nSecurity Tracker: 1011317\nSecurity Tracker: 1011316\nSecurity Tracker: 1011318\n[Secunia Advisory ID:12526](https://secuniaresearch.flexerasoftware.com/advisories/12526/)\n[Secunia Advisory ID:12535](https://secuniaresearch.flexerasoftware.com/advisories/12535/)\n[Secunia Advisory ID:12698](https://secuniaresearch.flexerasoftware.com/advisories/12698/)\n[Secunia Advisory ID:12742](https://secuniaresearch.flexerasoftware.com/advisories/12742/)\n[Secunia Advisory ID:12607](https://secuniaresearch.flexerasoftware.com/advisories/12607/)\n[Secunia Advisory ID:12747](https://secuniaresearch.flexerasoftware.com/advisories/12747/)\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200409-26.xml\nOther Advisory URL: http://www.suse.de/de/security/2004_36_mozilla.html\nOther Advisory URL: http://rhn.redhat.com/errata/RHSA-2004-486.html\n[CVE-2004-0903](https://vulners.com/cve/CVE-2004-0903)\n", "published": "2004-08-29T15:51:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:9966", "cvelist": ["CVE-2004-0903"], "lastseen": "2017-04-28T13:20:05"}], "redhat": [{"id": "RHSA-2004:486", "type": "redhat", "title": "(RHSA-2004:486) mozilla security update", "description": "Mozilla is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nJesse Ruderman discovered a cross-domain scripting bug in Mozilla. If\na user is tricked into dragging a javascript link into another frame or\npage, it becomes possible for an attacker to steal or modify sensitive\ninformation from that site. Additionally, if a user is tricked into\ndragging two links in sequence to another window (not frame), it is\npossible for the attacker to execute arbitrary commands. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0905 to this issue.\n\nGael Delalleau discovered an integer overflow which affects the BMP\nhandling code inside Mozilla. An attacker could create a carefully crafted\nBMP file in such a way that it would cause Mozilla to crash or execute\narbitrary code when the image is viewed. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0904 to\nthis issue.\n\nGeorgi Guninski discovered a stack-based buffer overflow in the vCard\ndisplay routines. An attacker could create a carefully crafted vCard file\nin such a way that it would cause Mozilla to crash or execute arbitrary\ncode when viewed. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0903 to this issue.\n\nWladimir Palant discovered a flaw in the way javascript interacts with\nthe clipboard. It is possible that an attacker could use malicious\njavascript code to steal sensitive data which has been copied into the\nclipboard. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0908 to this issue.\n\nGeorgi Guninski discovered a heap based buffer overflow in the \"Send\nPage\" feature. It is possible that an attacker could construct a link in\nsuch a way that a user attempting to forward it could result in a crash or\narbitrary code execution. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0902 to this issue.\n\nUsers of Mozilla should update to these updated packages, which contain\nbackported patches and are not vulnerable to these issues.", "published": "2004-09-30T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2004:486", "cvelist": ["CVE-2004-0902", "CVE-2004-0903", "CVE-2004-0904", "CVE-2004-0905", "CVE-2004-0908"], "lastseen": "2018-03-14T15:44:00"}], "gentoo": [{"id": "GLSA-200409-26", "type": "gentoo", "title": "Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities", "description": "### Background\n\nMozilla is a popular web browser that includes a mail and newsreader. Epiphany is a web browser that uses Gecko, the Mozilla rendering engine. Mozilla Firefox and Mozilla Thunderbird are respectively the next-generation browser and mail client from the Mozilla project. \n\n### Description\n\nMozilla-based products are vulnerable to multiple security issues. Firstly routines handling the display of BMP images and VCards contain an integer overflow and a stack buffer overrun. Specific pages with long links, when sent using the \"Send Page\" function, and links with non-ASCII hostnames could both cause heap buffer overruns. \n\nSeveral issues were found and fixed in JavaScript rights handling: untrusted script code could read and write to the clipboard, signed scripts could build confusing grant privileges dialog boxes, and when dragged onto trusted frames or windows, JavaScript links could access information and rights of the target frame or window. Finally, Mozilla-based mail clients (Mozilla and Mozilla Thunderbird) are vulnerable to a heap overflow caused by invalid POP3 mail server responses. \n\n### Impact\n\nAn attacker might be able to run arbitrary code with the rights of the user running the software by enticing the user to perform one of the following actions: view a specially-crafted BMP image or VCard, use the \"Send Page\" function on a malicious page, follow links with malicious hostnames, drag multiple JavaScript links in a row to another window, or connect to an untrusted POP3 mail server. An attacker could also use a malicious page with JavaScript to disclose clipboard contents or abuse previously-given privileges to request XPI installation privileges through a confusing dialog. \n\n### Workaround\n\nThere is no known workaround covering all vulnerabilities. \n\n### Resolution\n\nAll users should upgrade to the latest stable version: \n \n \n # emerge sync\n \n # emerge -pv your-version\n # emerge your-version", "published": "2004-09-20T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/200409-26", "cvelist": ["CVE-2004-0909", "CVE-2004-0906", "CVE-2004-0905", "CVE-2004-0903", "CVE-2004-0908", "CVE-2004-0902", "CVE-2004-0907", "CVE-2004-0904"], "lastseen": "2016-09-06T19:46:42"}], "suse": [{"id": "SUSE-SA:2004:036", "type": "suse", "title": "various vulnerabilities in mozilla", "description": "During the last months a number of security problems have been fixed in Mozilla and Mozilla based brwosers. These include:\n#### Solution\nSince there is no workaround, we recommend an update in any case if you use the mozilla browser.", "published": "2004-10-06T13:11:21", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2004-10/msg00006.html", "cvelist": ["CVE-2004-0909", "CVE-2004-0765", "CVE-2004-0906", "CVE-2004-0905", "CVE-2004-0903", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0908", "CVE-2004-0902", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0760", "CVE-2004-0904", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2016-04-13T01:00:44"}]}}