Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0906

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2004-0906
Last Modified 21 Aug 2010 12:21:27
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0906

Summary

The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.

Vulnerable Systems

Application

  • Mozilla 0.8

  • Mozilla 0.9.2

  • Mozilla 0.9.2.1

  • Mozilla 0.9.3

  • Mozilla 0.9.35

  • Mozilla 0.9.4

  • Mozilla 0.9.4.1

  • Mozilla 0.9.48

  • Mozilla 0.9.5

  • Mozilla 0.9.6

  • Mozilla 0.9.7

  • Mozilla 0.9.8

  • Mozilla 0.9.9

  • Mozilla 1.0

  • Mozilla 1.0.1

  • Mozilla 1.0.2

  • Mozilla 1.1

  • Mozilla 1.2

  • Mozilla 1.2.1

  • Mozilla 1.3

  • Mozilla 1.3.1

  • Mozilla 1.4

  • Mozilla 1.4.1

  • Mozilla 1.4.2

  • Mozilla 1.4.4

  • Mozilla 1.5

  • Mozilla 1.5.1

  • Mozilla 1.6

  • Mozilla 1.7

  • Mozilla 1.7.1

  • Mozilla 1.7.2

  • Mozilla Thunderbird 0.1

  • Mozilla Thunderbird 0.2

  • Mozilla Thunderbird 0.3

  • Mozilla Thunderbird 0.4

  • Mozilla Thunderbird 0.5

  • Mozilla Thunderbird 0.6

  • Mozilla Thunderbird 0.7

  • Mozilla Thunderbird 0.7.1

  • Mozilla Thunderbird 0.7.2

  • Mozilla Thunderbird 0.7.3


References

CERT-VN - VU#653160

CONFIRM - http://bugzilla.mozilla.org/show_bug.cgi?id=235781

CONFIRM - http://bugzilla.mozilla.org/show_bug.cgi?id=231083

XF - mozilla-insecure-file-permissions(17375)

BID - 11192

REDHAT - RHSA-2005:323

SUSE - SUSE-SA:2004:036

CONFIRM - http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3

GENTOO - GLSA-200409-26

SECUNIA - 12526


Last Updated: 27 May 2016 10:38:48