CVE-2004-0903: Buffer Overflow
First published: Fri Sep 24 2004(Updated: )
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Thunderbird | =0.7.2 | |
| Conectiva Linux | =9.0 | |
| Mozilla Mozilla | =1.7 | |
| Mozilla Mozilla | =1.7.1 | |
| Mozilla Thunderbird | =0.7.3 | |
| Mozilla Thunderbird | =0.7 | |
| Conectiva Linux | =10.0 | |
| Mozilla Mozilla | =1.7.2 | |
| Mozilla Thunderbird | =0.7.1 | |
| SUSE Linux | =9.0 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Linux | =7.3 | |
| redhat enterprise Linux desktop | =3.0 | |
| SUSE Linux | =9.0 | |
| Red Hat Linux Advanced Workstation | =2.1 | |
| SUSE Linux | =8.2 | |
| Red Hat Enterprise Linux | =3.0 | |
| Red Hat Enterprise Linux | =2.1 | |
| SUSE Linux | =8 | |
| SUSE Linux | =1.0 | |
| Red Hat Enterprise Linux | =2.1 | |
| SUSE Linux | =9.0 | |
| Red Hat Fedora Core | =core_1.0 | |
| Red Hat Linux | =7.3 | |
| Red Hat Linux | =9.0 | |
| Red Hat Linux Advanced Workstation | =2.1 | |
| SUSE Linux | =9.1 | |
| Red Hat Enterprise Linux | =3.0 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Linux | =7.3 | |
| Red Hat Enterprise Linux | =2.1 | |
| SUSE Linux | =8.1 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Enterprise Linux | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kb.cert.org/vuls/id/414240
- http://www.securityfocus.com/bid/11174
- http://bugzilla.mozilla.org/show_bug.cgi?id=257314
- http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
- http://security.gentoo.org/glsa/glsa-200409-26.xml
- http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
- http://www.us-cert.gov/cas/techalerts/TA04-261A.html
- http://marc.info/?l=bugtraq&m=109698896104418&w=2
- http://marc.info/?l=bugtraq&m=109900315219363&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17380
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873
Frequently Asked Questions
What is the severity of CVE-2004-0903?
CVE-2004-0903 is classified as a critical vulnerability due to its potential to allow remote attackers to execute arbitrary code.
How do I fix CVE-2004-0903?
To address CVE-2004-0903, update your Mozilla Firefox, Mozilla, or Thunderbird applications to the latest versions where the vulnerability has been patched.
What specific software is affected by CVE-2004-0903?
CVE-2004-0903 affects Mozilla Firefox versions before the Preview Release, Mozilla versions prior to 1.7.3, and Thunderbird versions before 0.8.
How can attackers exploit CVE-2004-0903?
Attackers can exploit CVE-2004-0903 by sending malformed VCard attachments that trigger a stack-based buffer overflow when previewed.
What symptoms indicate a system compromise due to CVE-2004-0903?
Indicators of compromise from CVE-2004-0903 may include unexpected system behavior, crashes, or unauthorized program execution after handling specific VCard files.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/references
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- vendor/mozilla
- product/thunderbird
- canonical/mozilla thunderbird
- vendor/conectiva
- product/linux
- canonical/conectiva linux
- product/mozilla
- canonical/mozilla mozilla
- vendor/suse
- product/suse linux
- canonical/suse suse linux
- vendor/redhat
- product/enterprise linux
- canonical/redhat enterprise linux
- canonical/redhat linux
- product/enterprise linux desktop
- canonical/redhat enterprise linux desktop
- product/linux advanced workstation
- canonical/redhat linux advanced workstation
- product/fedora core
- canonical/redhat fedora core
- agent/software-canonical-lookup-request
- collector/nvd-index
- version/mozilla thunderbird/0.7.2
- version/conectiva linux/9.0
- version/mozilla mozilla/1.7
- version/mozilla mozilla/1.7.1
- version/mozilla thunderbird/0.7.3
- version/mozilla thunderbird/0.7
- version/conectiva linux/10.0
- version/mozilla mozilla/1.7.2
- version/mozilla thunderbird/0.7.1
- canonical/suse linux
- version/suse linux/9.0
- canonical/red hat enterprise linux
- version/red hat enterprise linux/2.1
- canonical/red hat linux
- version/red hat linux/7.3
- version/redhat enterprise linux desktop/3.0
- canonical/red hat linux advanced workstation
- version/red hat linux advanced workstation/2.1
- version/suse linux/8.2
- version/red hat enterprise linux/3.0
- version/suse linux/8
- version/suse linux/1.0
- canonical/red hat fedora core
- version/red hat fedora core/core_1.0
- version/red hat linux/9.0
- version/suse linux/9.1
- version/suse linux/8.1