Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0648 — Mozilla Firefox vulnerability

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

24.7%

top 3.84%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mozilla Firefox Mozilla Mozilla Thunderbird

Timeline

PublishedAug 6

Latest updateApr 29

Description

Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDmozilla/firefox0.9.2

▶NVDmozilla/thunderbird0.7.2

▶NVDmozilla/mozilla1.7.1

🔴Vulnerability Details

GHSA

GHSA-5253-q8v4-qcg9: Mozilla (Suite) before 1↗2022-04-29

▶

💥Exploits & PoCs

Exploit-DB

Mozilla 1.7 - External Protocol Handler↗2004-07-08

▶