Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0762

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-0762
Last Modified 21 Aug 2010 12:21:13
Published 18 Aug 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0762

Summary

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.

Vulnerable Systems

Application

  • Mozilla 1.7

  • Mozilla Firefox 0.9

  • Mozilla Thunderbird 0.7


References

CONFIRM - http://bugzilla.mozilla.org/show_bug.cgi?id=162020

XF - mozilla-dialog-code-execution(16623)

REDHAT - RHSA-2004:421

SUSE - SUSE-SA:2004:036

CONFIRM - http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7

SECUNIA - 11999

FEDORA - FLSA:2089

MISC - http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/

BID - 15495

FULLDISC - 20040407 Race conditions in security dialogs

SCO - SCOSA-2005.49


Last Updated: 27 May 2016 10:38:44