CVE-2004-0909Mozilla vulnerability

3 documents3 sources
Severity
5.1MEDIUMNVD
EPSS
6.6%
top 8.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MozillaMozilla Thunderbird
Timeline
PublishedDec 31
Latest updateApr 29

Description

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages2 packages

NVDmozilla/thunderbird9 versions+8
NVDmozilla/mozilla31 versions+30

🔴Vulnerability Details

2
GHSA
GHSA-fmr4-hv22-46fr: Mozilla Firefox before the Preview Release, Mozilla before 12022-04-29
CVEList
CVE-2004-0909: Mozilla Firefox before the Preview Release, Mozilla before 12004-09-24