CVE-2004-0903

Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.

• http://bugzilla.mozilla.org/show_bug.cgi?id=257314Vendor Advisory
• http://marc.info/?l=bugtraq&m=109698896104418&w=2
• http://marc.info/?l=bugtraq&m=109900315219363&w=2
• http://security.gentoo.org/glsa/glsa-200409-26.xml
• http://www.kb.cert.org/vuls/id/414240Third Party Advisory, US Government Resource
• http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
• http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
• http://www.securityfocus.com/bid/11174Vendor Advisory
• http://www.us-cert.gov/cas/techalerts/TA04-261A.htmlUS Government Resource
• https://exchange.xforce.ibmcloud.com/vulnerabilities/17380
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873
• http://bugzilla.mozilla.org/show_bug.cgi?id=257314Vendor Advisory
• http://marc.info/?l=bugtraq&m=109698896104418&w=2
• http://marc.info/?l=bugtraq&m=109900315219363&w=2
• http://security.gentoo.org/glsa/glsa-200409-26.xml
• http://www.kb.cert.org/vuls/id/414240Third Party Advisory, US Government Resource
• http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
• http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
• http://www.securityfocus.com/bid/11174Vendor Advisory
• http://www.us-cert.gov/cas/techalerts/TA04-261A.htmlUS Government Resource
• https://exchange.xforce.ibmcloud.com/vulnerabilities/17380
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873

Published

Jan 27, 2005

Last Modified

Jun 16, 2026

Status

Modified