Lucene search

[email protected]CVE-2004-0906

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-0906

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-0906

xpinstall installer

mozilla firefox

mozilla

thunderbird

insecure permissions

local users

arbitrary files

arbitrary code

6.7 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

36.4%

JSON

The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.

CPENameOperatorVersion
mozilla:mozillamozillaeq1.4.2
mozilla:mozillamozillaeq0.9.5
mozilla:thunderbirdmozilla thunderbirdeq0.6
mozilla:thunderbirdmozilla thunderbirdeq0.7.2
mozilla:mozillamozillaeq0.9.35
mozilla:thunderbirdmozilla thunderbirdeq0.3
mozilla:mozillamozillaeq0.9.3
mozilla:mozillamozillaeq1.0.1
mozilla:mozillamozillaeq1.7
mozilla:thunderbirdmozilla thunderbirdeq0.2

CPE	Name	Operator	Version
mozilla:mozilla	mozilla	eq	1.4.2
mozilla:mozilla	mozilla	eq	0.9.5
mozilla:thunderbird	mozilla thunderbird	eq	0.6
mozilla:thunderbird	mozilla thunderbird	eq	0.7.2
mozilla:mozilla	mozilla	eq	0.9.35
mozilla:thunderbird	mozilla thunderbird	eq	0.3
mozilla:mozilla	mozilla	eq	0.9.3
mozilla:mozilla	mozilla	eq	1.0.1
mozilla:mozilla	mozilla	eq	1.7
mozilla:thunderbird	mozilla thunderbird	eq	0.2

Rows per page:

1-10 of 411

References

bugzilla.mozilla.org/show_bug.cgi?id=231083

bugzilla.mozilla.org/show_bug.cgi?id=235781

secunia.com/advisories/12526/

security.gentoo.org/glsa/glsa-200409-26.xml

www.kb.cert.org/vuls/id/653160

www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3

www.novell.com/linux/security/advisories/2004_36_mozilla.html

www.redhat.com/support/errata/RHSA-2005-323.html

www.securityfocus.com/bid/11192

exchange.xforce.ibmcloud.com/vulnerabilities/17375

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11668

6.7 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

36.4%

JSON

Related for CVE-2004-0906

openvas6 nessus5 gentoo1 redhat1 suse1