Vulnerability Details CVE-2004-0906
The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 36.0%
CVSS Severity
CVSS v2 Score 4.6
References
- http://bugzilla.mozilla.org/show_bug.cgi?id=231083
- http://bugzilla.mozilla.org/show_bug.cgi?id=235781
- http://secunia.com/advisories/12526/
- http://security.gentoo.org/glsa/glsa-200409-26.xml
- http://www.kb.cert.org/vuls/id/653160
- http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
- http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
- http://www.redhat.com/support/errata/RHSA-2005-323.html
- http://www.securityfocus.com/bid/11192
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17375
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11668
- http://bugzilla.mozilla.org/show_bug.cgi?id=231083
- http://bugzilla.mozilla.org/show_bug.cgi?id=235781
- http://secunia.com/advisories/12526/
- http://security.gentoo.org/glsa/glsa-200409-26.xml
- http://www.kb.cert.org/vuls/id/653160
- http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
- http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
- http://www.redhat.com/support/errata/RHSA-2005-323.html
- http://www.securityfocus.com/bid/11192
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17375
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11668
Products affected by CVE-2004-0906
-
cpe:2.3:a:mozilla:mozilla:0.8
-
cpe:2.3:a:mozilla:mozilla:0.9.2
-
cpe:2.3:a:mozilla:mozilla:0.9.2.1
-
cpe:2.3:a:mozilla:mozilla:0.9.3
-
cpe:2.3:a:mozilla:mozilla:0.9.35
-
cpe:2.3:a:mozilla:mozilla:0.9.4
-
cpe:2.3:a:mozilla:mozilla:0.9.4.1
-
cpe:2.3:a:mozilla:mozilla:0.9.48
-
cpe:2.3:a:mozilla:mozilla:0.9.5
-
cpe:2.3:a:mozilla:mozilla:0.9.6
-
cpe:2.3:a:mozilla:mozilla:0.9.7
-
cpe:2.3:a:mozilla:mozilla:0.9.8
-
cpe:2.3:a:mozilla:mozilla:0.9.9
-
cpe:2.3:a:mozilla:mozilla:1.0
-
cpe:2.3:a:mozilla:mozilla:1.0.1
-
cpe:2.3:a:mozilla:mozilla:1.0.2
-
cpe:2.3:a:mozilla:mozilla:1.1
-
cpe:2.3:a:mozilla:mozilla:1.2
-
cpe:2.3:a:mozilla:mozilla:1.2.1
-
cpe:2.3:a:mozilla:mozilla:1.3
-
cpe:2.3:a:mozilla:mozilla:1.3.1
-
cpe:2.3:a:mozilla:mozilla:1.4
-
cpe:2.3:a:mozilla:mozilla:1.4.1
-
cpe:2.3:a:mozilla:mozilla:1.4.2
-
cpe:2.3:a:mozilla:mozilla:1.4.4
-
cpe:2.3:a:mozilla:mozilla:1.5
-
cpe:2.3:a:mozilla:mozilla:1.5.1
-
cpe:2.3:a:mozilla:mozilla:1.6
-
cpe:2.3:a:mozilla:mozilla:1.7
-
cpe:2.3:a:mozilla:mozilla:1.7.1
-
cpe:2.3:a:mozilla:mozilla:1.7.2
-
cpe:2.3:a:mozilla:thunderbird:0.1
-
cpe:2.3:a:mozilla:thunderbird:0.2
-
cpe:2.3:a:mozilla:thunderbird:0.3
-
cpe:2.3:a:mozilla:thunderbird:0.4
-
cpe:2.3:a:mozilla:thunderbird:0.5
-
cpe:2.3:a:mozilla:thunderbird:0.6
-
cpe:2.3:a:mozilla:thunderbird:0.7
-
cpe:2.3:a:mozilla:thunderbird:0.7.1
-
cpe:2.3:a:mozilla:thunderbird:0.7.2
-
cpe:2.3:a:mozilla:thunderbird:0.7.3