4.6
CVE-2004-0906
- EPSS 0.42%
- Veröffentlicht 31.12.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:06:38
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Thunderbird Version0.1
Mozilla ≫ Thunderbird Version0.2
Mozilla ≫ Thunderbird Version0.3
Mozilla ≫ Thunderbird Version0.4
Mozilla ≫ Thunderbird Version0.5
Mozilla ≫ Thunderbird Version0.6
Mozilla ≫ Thunderbird Version0.7
Mozilla ≫ Thunderbird Version0.7.1
Mozilla ≫ Thunderbird Version0.7.2
Mozilla ≫ Thunderbird Version0.7.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.42% | 0.337 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
http://security.gentoo.org/glsa/glsa-200409-26.xml
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
http://www.redhat.com/support/errata/RHSA-2005-323.html
http://bugzilla.mozilla.org/show_bug.cgi?id=231083
http://bugzilla.mozilla.org/show_bug.cgi?id=235781
http://secunia.com/advisories/12526/
http://www.kb.cert.org/vuls/id/653160
http://www.securityfocus.com/bid/11192
https://exchange.xforce.ibmcloud.com/vulnerabilities/17375
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11668