CVE-2004-0909

medium

Description

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/17377

http://www.novell.com/linux/security/advisories/2004_36_mozilla.html

http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3

http://www.kb.cert.org/vuls/id/113192

http://security.gentoo.org/glsa/glsa-200409-26.xml

http://secunia.com/advisories/12526

http://marc.info/?l=bugtraq&m=109698896104418&w=2

Details

Source: Mitre, NVD

Published: 2004-12-31

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Severity: Medium