CVE-2004-0906 Information

Feb 14, 2021 cve

Description

The XPInstall installer in Mozilla Firefox before the Preview Release Mozilla before 1.7.3 and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages which could allow local users to overwrite arbitrary files or execute arbitrary code.

Reference

http://bugzilla.mozilla.org/show_bug.cgi?id=231083 http://bugzilla.mozilla.org/show_bug.cgi?id=235781 http://secunia.com/advisories/12526/ http://security.gentoo.org/glsa/glsa-200409-26.xml http://www.kb.cert.org/vuls/id/653160 http://www.mozilla.org/projects/security/known-vulnerabilities.htmlmozilla1.7.3 http://www.novell.com/linux/security/advisories/2004_36_mozilla.html http://www.redhat.com/support/errata/RHSA-2005-323.html http://www.securityfocus.com/bid/11192 https://exchange.xforce.ibmcloud.com/vulnerabilities/17375 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11668

Share on: