NVD脆弱性詳細

CVE-2004-0903

概要	Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
公表日	2005年1月27日14:00
登録日	2021年1月29日18:00
最終更新日	2017年10月11日10:29

影響を受けるソフトウェアの構成

構成2	以上	以下	より上	未満
cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server:::::
cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server_ia64:::::
cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server:::::
cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server_ia64:::::
cpe:2.3:o:redhat:enterprise_linux:2.1::workstation:::::
cpe:2.3:o:redhat:enterprise_linux:2.1::workstation_ia64:::::
cpe:2.3:o:redhat:enterprise_linux:3.0::advanced_server:::::
cpe:2.3:o:redhat:enterprise_linux:3.0::enterprise_server:::::
cpe:2.3:o:redhat:enterprise_linux:3.0::workstation_server:::::
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:::::::*
cpe:2.3:o:redhat:fedora_core:core_1.0:::::::*
cpe:2.3:o:redhat:linux:7.3:::::::*
cpe:2.3:o:redhat:linux:7.3::i386:::::
cpe:2.3:o:redhat:linux:7.3::i686:::::
cpe:2.3:o:redhat:linux:9.0::i386:::::
cpe:2.3:o:redhat:linux_advanced_workstation:2.1::ia64:::::
cpe:2.3:o:redhat:linux_advanced_workstation:2.1::itanium_processor:::::
cpe:2.3:o:suse:suse_linux:1.0::desktop:::::
cpe:2.3:o:suse:suse_linux:8::enterprise_server:::::
cpe:2.3:o:suse:suse_linux:8.1:::::::*
cpe:2.3:o:suse:suse_linux:8.2:::::::*
cpe:2.3:o:suse:suse_linux:9.0:::::::*
cpe:2.3:o:suse:suse_linux:9.0::enterprise_server:::::
cpe:2.3:o:suse:suse_linux:9.0::x86_64:::::
cpe:2.3:o:suse:suse_linux:9.1:::::::*

関連情報、対策とツール

No	URL	refsource	タグ
1	http://bugzilla.mozilla.org/show_bug.cgi?id=257314	CONFIRM	Vendor Advisory
2	http://marc.info/?l=bugtraq&m=109698896104418&w=2	HP
3	http://marc.info/?l=bugtraq&m=109900315219363&w=2	FEDORA
4	http://security.gentoo.org/glsa/glsa-200409-26.xml	GENTOO
5	http://www.kb.cert.org/vuls/id/414240	CERT-VN	Third Party Advisory US Government Resource
6	http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3	CONFIRM
7	http://www.novell.com/linux/security/advisories/2004_36_mozilla.html	SUSE
8	http://www.securityfocus.com/bid/11174	BID	Vendor Advisory
9	http://www.us-cert.gov/cas/techalerts/TA04-261A.html	CERT	US Government Resource
10	https://exchange.xforce.ibmcloud.com/vulnerabilities/17380	XF
11	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873	OVAL

共通脆弱性一覧

構成2	以上	以下	より上	未満
cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server:::::
cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server_ia64:::::
cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server:::::
cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server_ia64:::::
cpe:2.3:o:redhat:enterprise_linux:2.1::workstation:::::
cpe:2.3:o:redhat:enterprise_linux:2.1::workstation_ia64:::::
cpe:2.3:o:redhat:enterprise_linux:3.0::advanced_server:::::
cpe:2.3:o:redhat:enterprise_linux:3.0::enterprise_server:::::
cpe:2.3:o:redhat:enterprise_linux:3.0::workstation_server:::::
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:::::::*
cpe:2.3:o:redhat:fedora_core:core_1.0:::::::*
cpe:2.3:o:redhat:linux:7.3:::::::*
cpe:2.3:o:redhat:linux:7.3::i386:::::
cpe:2.3:o:redhat:linux:7.3::i686:::::
cpe:2.3:o:redhat:linux:9.0::i386:::::
cpe:2.3:o:redhat:linux_advanced_workstation:2.1::ia64:::::
cpe:2.3:o:redhat:linux_advanced_workstation:2.1::itanium_processor:::::
cpe:2.3:o:suse:suse_linux:1.0::desktop:::::
cpe:2.3:o:suse:suse_linux:8::enterprise_server:::::
cpe:2.3:o:suse:suse_linux:8.1:::::::*
cpe:2.3:o:suse:suse_linux:8.2:::::::*
cpe:2.3:o:suse:suse_linux:9.0:::::::*
cpe:2.3:o:suse:suse_linux:9.0::enterprise_server:::::
cpe:2.3:o:suse:suse_linux:9.0::x86_64:::::
cpe:2.3:o:suse:suse_linux:9.1:::::::*