[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250770

 
 

909

 
 

196157

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2004-0762Date: (C)2004-08-18   (M)2023-12-22


Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-11999
BID-15495
http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html
FLSA:2089
RHSA-2004:421
SCOSA-2005.49
SUSE-SA:2004:036
http://bugzilla.mozilla.org/show_bug.cgi?id=162020
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7
http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/
mozilla-dialog-code-execution(16623)
oval:org.mitre.oval:def:10032
oval:org.mitre.oval:def:4403

CPE    3
cpe:/a:mozilla:thunderbird
cpe:/a:mozilla:firefox
cpe:/a:mozilla:mozilla

© SecPod Technologies