CVE-2004-0907Mozilla vulnerability

3 documents3 sources
Severity
4.6MEDIUMNVD
EPSS
0.1%
top 73.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MozillaMozilla Thunderbird
Timeline
PublishedDec 31
Latest updateApr 29

Description

The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

NVDmozilla/thunderbird9 versions+8
NVDmozilla/mozilla31 versions+30

Patches

Patch: bugzilla.mozilla.orgPatch: bugzilla.mozilla.org

🔴Vulnerability Details

2
GHSA
GHSA-jgmj-mpcg-qp5x: The Linux install2022-04-29
CVEList
CVE-2004-0907: The Linux install2004-09-24