[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250039

 
 

909

 
 

195882

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2004-0909Date: (C)2004-12-31   (M)2023-12-22


Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.1
Exploit Score: 4.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-12526
GLSA-200409-26
SSRT4826
SUSE-SA:2004:036
VU#113192
http://bugzilla.mozilla.org/show_bug.cgi?id=253942
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
mozilla-enableprivilege-modify-dialog(17377)

CPE    51
cpe:/a:mozilla:mozilla:1.1:beta
cpe:/a:mozilla:mozilla:1.4
cpe:/a:mozilla:mozilla:0.9.35
cpe:/a:mozilla:mozilla:1.3
...

© SecPod Technologies