CVE-2004-0762

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.

Published: Aug 18, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-0762
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mozilla / thunderbird	-	0.7.x
mozilla / firefox	-	0.9.x
mozilla / mozilla	-	1.7.x

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html
http://bugzilla.mozilla.org/show_bug.cgi?id=162020
http://marc.info/?l=bugtraq&m=109900315219363&w=2
http://secunia.com/advisories/11999/
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
http://www.redhat.com/support/errata/RHSA-2004-421.html
http://www.securityfocus.com/bid/15495
http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/
https://exchange.xforce.ibmcloud.com/vulnerabilities/16623
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10032
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4403

Vulnerability Database

289,599

CVE-2004-0762