CVE-2004-0903

Currently unrated

Key Information:

Vendor: Mozilla
Status: Thunderbird; Linux; Mozilla
Vendor: CVE Published:; 27 January 2005

Summary

Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.

References

http://www.novell.com/linux/security/advisories/2004_36_m...

vendor-advisoryx_refsource_SUSE

https://exchange.xforce.ibmcloud.com/vulnerabilities/17380

vdb-entryx_refsource_XF

http://marc.info/?l=bugtraq&m=109900315219363&w=2

vendor-advisoryx_refsource_FEDORA

EPSS Score

15% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 27, 2005
Vulnerability Reserved
Sep 23, 2004