CVE-2004-0762 Information

Description

Mozilla before 1.7 Firefox before 0.9 and Thunderbird before 0.7 allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.

Reference

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html http://bugzilla.mozilla.org/show_bug.cgi?id=162020 http://marc.info/?l=bugtraq&m=109900315219363&w=2 http://secunia.com/advisories/11999/ http://www.mozilla.org/projects/security/known-vulnerabilities.htmlmozilla1.7 http://www.novell.com/linux/security/advisories/2004_36_mozilla.html http://www.redhat.com/support/errata/RHSA-2004-421.html http://www.securityfocus.com/bid/15495 http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ https://exchange.xforce.ibmcloud.com/vulnerabilities/16623 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10032 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A4403