Stack-based Buffer Overflow in Mozilla Firefox and Thunderbird Products
CVE-2004-0903

Currently unrated

Key Information:

Vendor: Mozilla
Status: Thunderbird; Linux; Mozilla
Vendor: CVE Published:; 27 January 2005

What is CVE-2004-0903?

A stack-based buffer overflow exists in the writeGroup function of nsVCardObj.cpp, affecting certain releases of Mozilla Firefox and Thunderbird. This vulnerability can allow remote attackers to execute arbitrary code by sending specially crafted VCard attachments. If a user opens an email containing such a malformed VCard, the application fails to handle it properly during the preview, leading to potential system compromise.

References

http://www.novell.com/linux/security/advisories/2004_36_m...

vendor-advisoryx_refsource_SUSE

https://exchange.xforce.ibmcloud.com/vulnerabilities/17380

vdb-entryx_refsource_XF

http://marc.info/?l=bugtraq&m=109900315219363&w=2

vendor-advisoryx_refsource_FEDORA

EPSS Score

18% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 27, 2005
Vulnerability Reserved
Sep 23, 2004