CVE-2004-0903
Description
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
Risk Information
Base Score
9.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
18.826
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities affected in Mozilla Thunderbird 0.7.3 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Thunderbird 0.7 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Thunderbird 0.7.1 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Thunderbird 0.7.2 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Thunderbird 0.7.3 | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-315938 | Mozilla Thunderbird (68.12.0) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234