The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.
References
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:49
Type | Values Removed | Values Added |
---|---|---|
References | () http://bugzilla.mozilla.org/show_bug.cgi?id=231083 - Patch | |
References | () http://bugzilla.mozilla.org/show_bug.cgi?id=235781 - Patch | |
References | () http://secunia.com/advisories/12526/ - | |
References | () http://security.gentoo.org/glsa/glsa-200409-26.xml - | |
References | () http://www.kb.cert.org/vuls/id/653160 - Third Party Advisory, US Government Resource | |
References | () http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 - | |
References | () http://www.novell.com/linux/security/advisories/2004_36_mozilla.html - Vendor Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2005-323.html - | |
References | () http://www.securityfocus.com/bid/11192 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/17375 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11668 - |
Information
Published : 2004-12-31 05:00
Updated : 2024-11-20 23:49
NVD link : CVE-2004-0906
Mitre link : CVE-2004-0906
CVE.ORG link : CVE-2004-0906
JSON object : View
Products Affected
mozilla
- mozilla
- thunderbird
CWE