What is the severity of CVE-2004-0907?

CVE-2004-0907 is considered to have a moderate severity level due to the potential for local users to exploit the vulnerability and execute arbitrary code.

How do I fix CVE-2004-0907?

To fix CVE-2004-0907, update to the latest versions of Mozilla Firefox, Mozilla, or Thunderbird that address the insecure file permissions issue.

What software versions are affected by CVE-2004-0907?

CVE-2004-0907 affects multiple versions of Mozilla Firefox, Mozilla, and Thunderbird, specifically those released before the specified updates.

Is CVE-2004-0907 a type of local file overwrite vulnerability?

Yes, CVE-2004-0907 allows local users to overwrite files due to insecure permissions, which can lead to arbitrary code execution.

What are the potential consequences of CVE-2004-0907 exploitation?

Exploitation of CVE-2004-0907 may allow attackers to execute arbitrary code on the system, compromising its integrity and security.

Vulnerability/
CVE-2004-0907

medium

4.6

CWE

NVD-CWE-Other

24/9/2004

8/8/2024

CVE-2004-0907

First published: Fri Sep 24 2004(Updated: )

The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Mozilla Firefox	=1.4.2
Mozilla Firefox	=0.9.5
Thunderbird	=0.6
Thunderbird	=0.7.2
Mozilla Firefox	=0.9.35
Thunderbird	=0.3
Mozilla Firefox	=0.9.3
Mozilla Firefox	=1.0.1
Mozilla Firefox	=1.7-alpha
Thunderbird	=0.2
Mozilla Firefox	=0.9.48
Mozilla Firefox	=1.7-rc1
Mozilla Firefox	=1.2.1
Mozilla Firefox	=1.0-rc1
Mozilla Firefox	=1.2-alpha
Mozilla Firefox	=1.7
Mozilla Firefox	=0.9.7
Mozilla Firefox	=1.1-beta
Mozilla Firefox	=1.0-rc2
Mozilla Firefox	=0.9.2.1
Mozilla Firefox	=1.4.1
Mozilla Firefox	=1.4-beta
Mozilla Firefox	=1.2
Mozilla Firefox	=0.9.2
Mozilla Firefox	=1.4.4
Mozilla Firefox	=1.3
Mozilla Firefox	=1.2-beta
Mozilla Firefox	=1.0
Mozilla Firefox	=1.7-beta
Mozilla Firefox	=0.9.8
Mozilla Firefox	=1.4
Mozilla Firefox	=1.5
Mozilla Firefox	=0.9.4
Thunderbird	=0.5
Mozilla Firefox	=1.7.1
Mozilla Firefox	=1.4-alpha
Thunderbird	=0.4
Thunderbird	=0.7
Mozilla Firefox	=0.9.6
Mozilla Firefox	=1.5.1
Mozilla Firefox	=1.1
Mozilla Firefox	=1.1-alpha
Mozilla Firefox	=0.9.4.1
Mozilla Firefox	=0.8
Mozilla Firefox	=1.7.2
Thunderbird	=0.1
Mozilla Firefox	=1.0.2
Mozilla Firefox	=1.7-rc3
Thunderbird	=0.7.1
Mozilla Firefox	=1.7-rc2
Mozilla Firefox	=1.3.1
Mozilla Firefox	=0.9.9
Mozilla Firefox	=1.6

Remedy

http://bugzilla.mozilla.org/show_bug.cgi?id=254303

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2004-0907?
CVE-2004-0907 is considered to have a moderate severity level due to the potential for local users to exploit the vulnerability and execute arbitrary code.
How do I fix CVE-2004-0907?
To fix CVE-2004-0907, update to the latest versions of Mozilla Firefox, Mozilla, or Thunderbird that address the insecure file permissions issue.
What software versions are affected by CVE-2004-0907?
CVE-2004-0907 affects multiple versions of Mozilla Firefox, Mozilla, and Thunderbird, specifically those released before the specified updates.
Is CVE-2004-0907 a type of local file overwrite vulnerability?
Yes, CVE-2004-0907 allows local users to overwrite files due to insecure permissions, which can lead to arbitrary code execution.
What are the potential consequences of CVE-2004-0907 exploitation?
Exploitation of CVE-2004-0907 may allow attackers to execute arbitrary code on the system, compromising its integrity and security.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/remedy
agent/weakness
agent/author
agent/last-modified-date
agent/first-publish-date
agent/description
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-historical
vendor/mozilla
product/mozilla
canonical/mozilla mozilla
product/thunderbird
canonical/mozilla thunderbird
agent/software-canonical-lookup-request
collector/nvd-index
canonical/mozilla firefox
version/mozilla firefox/1.4.2
version/mozilla firefox/0.9.5
canonical/thunderbird
version/thunderbird/0.6
version/thunderbird/0.7.2
version/mozilla firefox/0.9.35
version/thunderbird/0.3
version/mozilla firefox/0.9.3
version/mozilla firefox/1.0.1
version/mozilla firefox/1.7-alpha
version/thunderbird/0.2
version/mozilla firefox/0.9.48
version/mozilla firefox/1.7-rc1
version/mozilla firefox/1.2.1
version/mozilla firefox/1.0-rc1
version/mozilla firefox/1.2-alpha
version/mozilla firefox/1.7
version/mozilla firefox/0.9.7
version/mozilla firefox/1.1-beta
version/mozilla firefox/1.0-rc2
version/mozilla firefox/0.9.2.1
version/mozilla firefox/1.4.1
version/mozilla firefox/1.4-beta
version/mozilla firefox/1.2
version/mozilla firefox/0.9.2
version/mozilla firefox/1.4.4
version/mozilla firefox/1.3
version/mozilla firefox/1.2-beta
version/mozilla firefox/1.0
version/mozilla firefox/1.7-beta
version/mozilla firefox/0.9.8
version/mozilla firefox/1.4
version/mozilla firefox/1.5
version/mozilla firefox/0.9.4
version/thunderbird/0.5
version/mozilla firefox/1.7.1
version/mozilla firefox/1.4-alpha
version/thunderbird/0.4
version/thunderbird/0.7
version/mozilla firefox/0.9.6
version/mozilla firefox/1.5.1
version/mozilla firefox/1.1
version/mozilla firefox/1.1-alpha
version/mozilla firefox/0.9.4.1
version/mozilla firefox/0.8
version/mozilla firefox/1.7.2
version/thunderbird/0.1
version/mozilla firefox/1.0.2
version/mozilla firefox/1.7-rc3
version/thunderbird/0.7.1
version/mozilla firefox/1.7-rc2
version/mozilla firefox/1.3.1
version/mozilla firefox/0.9.9
version/mozilla firefox/1.6