• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Mozilla Browser Vcard Handling Remote Buffer Overflow Vulnerability

Mozilla Browser is reported prone to a remote buffer overflow vulnerability when processing malicious vcard files. This issue presents itself due to insufficient boundary checks performed by the application and may allow a remote attacker to gain unauthorized access to a vulnerable computer.

It is reported that the issue originates in the 'nsVCardObj.cpp' file and may allow an attacker to overflow a finite buffer by creating a malformed vcard (vcf) file and sending the file to a vulnerable user in email. Reportedly, this issue occurs when the mail is previewed in the browser.

These vulnerabilities were researched on Mozilla 1.7, however, other versions may be affected as well. Thunderbird 0.7 was tested as well.