Back to search
CVE-2004-0906
Published: Sep 24, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2005:323
vendor-advisory
x_refsource_REDHAT
mozilla-insecure-file-permissions(17375)
vdb-entry
x_refsource_XF
11192
vdb-entry
x_refsource_BID
SUSE-SA:2004:036
vendor-advisory
x_refsource_SUSE
http://bugzilla.mozilla.org/show_bug.cgi?id=231083
x_refsource_CONFIRM
oval:org.mitre.oval:def:11668
vdb-entry
signature
x_refsource_OVAL
VU#653160
third-party-advisory
x_refsource_CERT-VN
GLSA-200409-26
vendor-advisory
x_refsource_GENTOO
12526
third-party-advisory
x_refsource_SECUNIA
http://bugzilla.mozilla.org/show_bug.cgi?id=235781
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now