Stack-based Buffer Overflow in Mozilla Firefox and Thunderbird Products
CVE-2004-0903

Currently unrated

Key Information:

Vendor
Mozilla
Status
Thunderbird
Linux
Mozilla
Vendor
CVE Published:
27 January 2005

Summary

A stack-based buffer overflow exists in the writeGroup function of nsVCardObj.cpp, affecting certain releases of Mozilla Firefox and Thunderbird. This vulnerability can allow remote attackers to execute arbitrary code by sending specially crafted VCard attachments. If a user opens an email containing such a malformed VCard, the application fails to handle it properly during the preview, leading to potential system compromise.

References

http://www.novell.com/linux/security/advisories/2004_36_m...
vendor-advisoryx_refsource_SUSE
https://exchange.xforce.ibmcloud.com/vulnerabilities/17380
vdb-entryx_refsource_XF
http://marc.info/?l=bugtraq&m=109900315219363&w=2
vendor-advisoryx_refsource_FEDORA

EPSS Score

18% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2004-0903 : Stack-based Buffer Overflow in Mozilla Firefox and Thunderbird Products | SecurityVulnerability.io