Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2004-0903 | First vendor Publication | 2005-01-27 |
Vendor | Cve | Last vendor Modification | 2017-10-11 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0903 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10873 | |||
Oval ID: | oval:org.mitre.oval:def:10873 | ||
Title: | Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message. | ||
Description: | Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0903 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Mozilla File : nvt/sles9p5012017.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-26 (Mozilla) File : nvt/glsa_200409_26.nasl |
2008-09-04 | Name : FreeBSD Ports: thunderbird File : nvt/freebsd_thunderbird4.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
9966 | Mozilla Multiple Products nsVCardObj.cpp writeGroup() Function Overflow A local overflow exists in Mozilla-based applications and Netscape Navigator. The writegroup() function of the nsVCardObj.cpp component fails to ensure parameters with group properties (eg, TEL.HOME) are an acceptable length, resulting in a stack-based overflow. With a specially crafted vCard, an attacker can cause a denial of service condition, and possibly code execution, resulting in a loss of availability and integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_da690355115911d9bc4a000c41e2cdad.nasl - Type : ACT_GATHER_INFO |
2004-10-20 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-107.nasl - Type : ACT_GATHER_INFO |
2004-10-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-486.nasl - Type : ACT_GATHER_INFO |
2004-09-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200409-26.nasl - Type : ACT_GATHER_INFO |
2004-09-15 | Name : The remote host has an application that is affected by multiple flaws. File : thunderbird_multiple_flaws.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-02-02 01:02:37 |
|
2024-02-01 12:01:33 |
|
2023-09-05 12:02:30 |
|
2023-09-05 01:01:25 |
|
2023-09-02 12:02:31 |
|
2023-09-02 01:01:24 |
|
2023-08-12 12:03:03 |
|
2023-08-12 01:01:25 |
|
2023-08-11 12:02:37 |
|
2023-08-11 01:01:26 |
|
2023-08-06 12:02:25 |
|
2023-08-06 01:01:26 |
|
2023-08-04 12:02:29 |
|
2023-08-04 01:01:26 |
|
2023-07-14 12:02:28 |
|
2023-07-14 01:01:27 |
|
2023-03-29 01:02:29 |
|
2023-03-28 12:01:31 |
|
2022-10-11 12:02:12 |
|
2022-10-11 01:01:18 |
|
2021-05-04 12:02:25 |
|
2021-04-22 01:02:34 |
|
2020-05-23 00:15:54 |
|
2019-06-25 12:01:01 |
|
2017-10-11 09:23:24 |
|
2017-07-11 12:01:31 |
|
2016-10-18 12:01:23 |
|
2016-04-26 12:54:01 |
|
2014-02-17 10:28:06 |
|
2013-05-11 11:43:17 |
|