AI Score: 6.7 Medium (Confidence: Low)
CVSS2: 4.6 Medium
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.001 Low (Percentile: 36.4%)
The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.
bugzilla.mozilla.org/show_bug.cgi?id=231083
bugzilla.mozilla.org/show_bug.cgi?id=235781
secunia.com/advisories/12526/
security.gentoo.org/glsa/glsa-200409-26.xml
www.kb.cert.org/vuls/id/653160
www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
www.novell.com/linux/security/advisories/2004_36_mozilla.html
www.redhat.com/support/errata/RHSA-2005-323.html
www.securityfocus.com/bid/11192
exchange.xforce.ibmcloud.com/vulnerabilities/17375
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11668