Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0648

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0648
Last Modified 05 Sep 2008 04:39:00
Published 06 Aug 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0648

Summary

Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol.

Vulnerable Systems

Application

  • Mozilla 1.7.1

  • Mozilla Firefox 0.9.2

  • Mozilla Thunderbird 0.7.2


References

CERT-VN - VU#927014

BUGTRAQ - 20040708 Mozilla Security Advisory 2004-07-08

XF - mozilla-shell-program-execution(16655)

CONFIRM - http://www.mozilla.org/security/shell.html

CONFIRM - http://www.mozilla.org/projects/security/known-vulnerabilities.html

CIAC - O-175

FULLDISC - 20040707 shell:windows command question

SECUNIA - 12027


Last Updated: 27 May 2016 10:38:42