CVE-2004-0762

Sažetak

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.

Reference

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html
http://bugzilla.mozilla.org/show_bug.cgi?id=162020
http://marc.info/?l=bugtraq&m=109900315219363&w=2
http://secunia.com/advisories/11999/
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
http://www.redhat.com/support/errata/RHSA-2004-421.html
http://www.securityfocus.com/bid/15495
http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/
https://exchange.xforce.ibmcloud.com/vulnerabilities/16623
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10032
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4403

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-10-2017 - 01:29

Objavljeno

18-08-2004 - 04:00