CVE Vulnerabilities

CVE-2004-0906

Published: Dec 31, 2004 | Modified: Oct 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.

Affected Software

Name Vendor Start Version End Version
Mozilla Mozilla 0.8 (including) 0.8 (including)
Mozilla Mozilla 0.9.2 (including) 0.9.2 (including)
Mozilla Mozilla 0.9.2.1 (including) 0.9.2.1 (including)
Mozilla Mozilla 0.9.3 (including) 0.9.3 (including)
Mozilla Mozilla 0.9.4 (including) 0.9.4 (including)
Mozilla Mozilla 0.9.4.1 (including) 0.9.4.1 (including)
Mozilla Mozilla 0.9.5 (including) 0.9.5 (including)
Mozilla Mozilla 0.9.6 (including) 0.9.6 (including)
Mozilla Mozilla 0.9.7 (including) 0.9.7 (including)
Mozilla Mozilla 0.9.8 (including) 0.9.8 (including)
Mozilla Mozilla 0.9.9 (including) 0.9.9 (including)
Mozilla Mozilla 0.9.35 (including) 0.9.35 (including)
Mozilla Mozilla 0.9.48 (including) 0.9.48 (including)
Mozilla Mozilla 1.0 (including) 1.0 (including)
Mozilla Mozilla 1.0-rc1 (including) 1.0-rc1 (including)
Mozilla Mozilla 1.0-rc2 (including) 1.0-rc2 (including)
Mozilla Mozilla 1.0.1 (including) 1.0.1 (including)
Mozilla Mozilla 1.0.2 (including) 1.0.2 (including)
Mozilla Mozilla 1.1 (including) 1.1 (including)
Mozilla Mozilla 1.1-alpha (including) 1.1-alpha (including)
Mozilla Mozilla 1.1-beta (including) 1.1-beta (including)
Mozilla Mozilla 1.2 (including) 1.2 (including)
Mozilla Mozilla 1.2-alpha (including) 1.2-alpha (including)
Mozilla Mozilla 1.2-beta (including) 1.2-beta (including)
Mozilla Mozilla 1.2.1 (including) 1.2.1 (including)
Mozilla Mozilla 1.3 (including) 1.3 (including)
Mozilla Mozilla 1.3.1 (including) 1.3.1 (including)
Mozilla Mozilla 1.4 (including) 1.4 (including)
Mozilla Mozilla 1.4-alpha (including) 1.4-alpha (including)
Mozilla Mozilla 1.4-beta (including) 1.4-beta (including)
Mozilla Mozilla 1.4.1 (including) 1.4.1 (including)
Mozilla Mozilla 1.4.2 (including) 1.4.2 (including)
Mozilla Mozilla 1.4.4 (including) 1.4.4 (including)
Mozilla Mozilla 1.5 (including) 1.5 (including)
Mozilla Mozilla 1.5.1 (including) 1.5.1 (including)
Mozilla Mozilla 1.6 (including) 1.6 (including)
Mozilla Mozilla 1.7 (including) 1.7 (including)
Mozilla Mozilla 1.7-alpha (including) 1.7-alpha (including)
Mozilla Mozilla 1.7-beta (including) 1.7-beta (including)
Mozilla Mozilla 1.7-rc1 (including) 1.7-rc1 (including)
Mozilla Mozilla 1.7-rc2 (including) 1.7-rc2 (including)
Mozilla Mozilla 1.7-rc3 (including) 1.7-rc3 (including)
Mozilla Mozilla 1.7.1 (including) 1.7.1 (including)
Mozilla Mozilla 1.7.2 (including) 1.7.2 (including)
Thunderbird Mozilla 0.1 (including) 0.1 (including)
Thunderbird Mozilla 0.2 (including) 0.2 (including)
Thunderbird Mozilla 0.3 (including) 0.3 (including)
Thunderbird Mozilla 0.4 (including) 0.4 (including)
Thunderbird Mozilla 0.5 (including) 0.5 (including)
Thunderbird Mozilla 0.6 (including) 0.6 (including)
Thunderbird Mozilla 0.7 (including) 0.7 (including)
Thunderbird Mozilla 0.7.1 (including) 0.7.1 (including)
Thunderbird Mozilla 0.7.2 (including) 0.7.2 (including)
Thunderbird Mozilla 0.7.3 (including) 0.7.3 (including)
Red Hat Enterprise Linux 2.1 RedHat galeon *
Red Hat Enterprise Linux 2.1 RedHat mozilla *
Red Hat Enterprise Linux 3 RedHat mozilla *

References