CVE-2004-0903: Buffer Overflow
First published: Fri Sep 24 2004(Updated: )
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Thunderbird | =0.7.2 | |
| Conectiva Linux | =9.0 | |
| Mozilla Mozilla | =1.7 | |
| Mozilla Mozilla | =1.7.1 | |
| Mozilla Thunderbird | =0.7.3 | |
| Mozilla Thunderbird | =0.7 | |
| Conectiva Linux | =10.0 | |
| Mozilla Mozilla | =1.7.2 | |
| Mozilla Thunderbird | =0.7.1 | |
| Suse Suse Linux | =9.0 | |
| Redhat Enterprise Linux | =2.1 | |
| Redhat Linux | =7.3 | |
| Redhat Enterprise Linux Desktop | =3.0 | |
| Suse Suse Linux | =9.0 | |
| Redhat Linux Advanced Workstation | =2.1 | |
| Suse Suse Linux | =8.2 | |
| Redhat Enterprise Linux | =3.0 | |
| Redhat Enterprise Linux | =2.1 | |
| Suse Suse Linux | =8 | |
| Suse Suse Linux | =1.0 | |
| Redhat Enterprise Linux | =2.1 | |
| Suse Suse Linux | =9.0 | |
| Redhat Fedora Core | =core_1.0 | |
| Redhat Linux | =7.3 | |
| Redhat Linux | =9.0 | |
| Redhat Linux Advanced Workstation | =2.1 | |
| Suse Suse Linux | =9.1 | |
| Redhat Enterprise Linux | =3.0 | |
| Redhat Enterprise Linux | =2.1 | |
| Redhat Linux | =7.3 | |
| Redhat Enterprise Linux | =2.1 | |
| Suse Suse Linux | =8.1 | |
| Redhat Enterprise Linux | =2.1 | |
| Redhat Enterprise Linux | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kb.cert.org/vuls/id/414240
- http://www.securityfocus.com/bid/11174
- http://bugzilla.mozilla.org/show_bug.cgi?id=257314
- http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
- http://security.gentoo.org/glsa/glsa-200409-26.xml
- http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
- http://www.us-cert.gov/cas/techalerts/TA04-261A.html
- http://marc.info/?l=bugtraq&m=109698896104418&w=2
- http://marc.info/?l=bugtraq&m=109900315219363&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17380
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873
- collector/nvd-historical
- vendor/mozilla
- product/thunderbird
- canonical/mozilla thunderbird
- vendor/conectiva
- product/linux
- canonical/conectiva linux
- product/mozilla
- canonical/mozilla mozilla
- vendor/suse
- product/suse linux
- canonical/suse suse linux
- vendor/redhat
- product/enterprise linux
- canonical/redhat enterprise linux
- canonical/redhat linux
- product/enterprise linux desktop
- canonical/redhat enterprise linux desktop
- product/linux advanced workstation
- canonical/redhat linux advanced workstation
- product/fedora core
- canonical/redhat fedora core
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/references
- agent/event
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- version/mozilla thunderbird/0.7.2
- version/conectiva linux/9.0
- version/mozilla mozilla/1.7
- version/mozilla mozilla/1.7.1
- version/mozilla thunderbird/0.7.3
- version/mozilla thunderbird/0.7
- version/conectiva linux/10.0
- version/mozilla mozilla/1.7.2
- version/mozilla thunderbird/0.7.1
- version/suse suse linux/9.0
- version/redhat enterprise linux/2.1
- version/redhat linux/7.3
- version/redhat enterprise linux desktop/3.0
- version/redhat linux advanced workstation/2.1
- version/suse suse linux/8.2
- version/redhat enterprise linux/3.0
- version/suse suse linux/8
- version/suse suse linux/1.0
- version/redhat fedora core/core_1.0
- version/redhat linux/9.0
- version/suse suse linux/9.1
- version/suse suse linux/8.1