CVE-2004-0906

Sažetak

The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.

Reference

http://bugzilla.mozilla.org/show_bug.cgi?id=231083
http://bugzilla.mozilla.org/show_bug.cgi?id=235781
http://secunia.com/advisories/12526/
http://security.gentoo.org/glsa/glsa-200409-26.xml
http://www.kb.cert.org/vuls/id/653160
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
http://www.redhat.com/support/errata/RHSA-2005-323.html
http://www.securityfocus.com/bid/11192
https://exchange.xforce.ibmcloud.com/vulnerabilities/17375
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11668

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-10-2017 - 01:29

Objavljeno

31-12-2004 - 05:00