Unrated severityNVD Advisory· Published Jan 27, 2005· Updated Apr 16, 2026

CVE-2004-0903

Description

Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.

Affected products

Red Hat/Linux4 versions
cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*
- cpe:2.3:o:redhat:linux:7.3:*:i686:*:*:*:*:*
- cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*
SUSE S.A./Linux8 versions
cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
Mozilla Corporation/Mozilla3 versions
cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*
Mozilla Corporation/Thunderbird4 versions
cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*
Conectiva/Linux2 versions
cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux9 versions
cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*+ 8 more
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*
Red Hat/Enterprise Linux Desktop
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
Red Hat/Fedora Core
cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*
Red Hat/Linux Advanced Workstation2 versions
cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
- cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.mozilla.org/show_bug.cginvdVendor Advisory
www.kb.cert.org/vuls/id/414240nvdThird Party AdvisoryUS Government Resource
www.securityfocus.com/bid/11174nvdVendor Advisory
www.us-cert.gov/cas/techalerts/TA04-261A.htmlnvdUS Government Resource
marc.infonvd
marc.infonvd
security.gentoo.org/glsa/glsa-200409-26.xmlnvd
www.mozilla.org/projects/security/known-vulnerabilities.htmlnvd
www.novell.com/linux/security/advisories/2004_36_mozilla.htmlnvd
exchange.xforce.ibmcloud.com/vulnerabilities/17380nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.015
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000