CVE-2004-0908
First published: Fri Sep 24 2004(Updated: )
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | =1.4.2 | |
| Mozilla Firefox | =0.9.5 | |
| Thunderbird | =0.6 | |
| Thunderbird | =0.7.2 | |
| Mozilla Firefox | =0.9.35 | |
| Thunderbird | =0.3 | |
| Mozilla Firefox | =0.9.3 | |
| Mozilla Firefox | =1.0.1 | |
| Mozilla Firefox | =1.7-alpha | |
| Thunderbird | =0.2 | |
| Mozilla Firefox | =0.9.48 | |
| Mozilla Firefox | =1.7-rc1 | |
| Mozilla Firefox | =1.2.1 | |
| Mozilla Firefox | =1.0-rc1 | |
| Mozilla Firefox | =1.2-alpha | |
| Mozilla Firefox | =1.7 | |
| Mozilla Firefox | =0.9.7 | |
| Mozilla Firefox | =1.1-beta | |
| Mozilla Firefox | =1.0-rc2 | |
| Mozilla Firefox | =0.9.2.1 | |
| Mozilla Firefox | =1.4.1 | |
| Mozilla Firefox | =1.4-beta | |
| Mozilla Firefox | =1.2 | |
| Mozilla Firefox | =0.9.2 | |
| Mozilla Firefox | =1.4.4 | |
| Mozilla Firefox | =1.3 | |
| Mozilla Firefox | =1.2-beta | |
| Mozilla Firefox | =1.0 | |
| Mozilla Firefox | =1.7-beta | |
| Mozilla Firefox | =0.9.8 | |
| Mozilla Firefox | =1.4 | |
| Mozilla Firefox | =1.5 | |
| Mozilla Firefox | =0.9.4 | |
| Thunderbird | =0.5 | |
| Mozilla Firefox | =1.7.1 | |
| Mozilla Firefox | =1.4-alpha | |
| Thunderbird | =0.4 | |
| Thunderbird | =0.7 | |
| Mozilla Firefox | =0.9.6 | |
| Mozilla Firefox | =1.5.1 | |
| Mozilla Firefox | =1.1 | |
| Mozilla Firefox | =1.1-alpha | |
| Mozilla Firefox | =0.9.4.1 | |
| Mozilla Firefox | =0.8 | |
| Mozilla Firefox | =1.7.2 | |
| Thunderbird | =0.1 | |
| Mozilla Firefox | =1.0.2 | |
| Mozilla Firefox | =1.7-rc3 | |
| Thunderbird | =0.7.1 | |
| Mozilla Firefox | =1.7-rc2 | |
| Mozilla Firefox | =1.3.1 | |
| Mozilla Firefox | =0.9.9 | |
| Mozilla Firefox | =1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
- http://bugzilla.mozilla.org/show_bug.cgi?id=257523
- http://security.gentoo.org/glsa/glsa-200409-26.xml
- http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
- http://www.kb.cert.org/vuls/id/460528
- http://www.securityfocus.com/bid/11179
- http://secunia.com/advisories/12526
- http://marc.info/?l=bugtraq&m=109698896104418&w=2
- http://marc.info/?l=bugtraq&m=109900315219363&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17376
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9745
Frequently Asked Questions
What are the potential risks associated with CVE-2004-0908?
CVE-2004-0908 allows untrusted JavaScript code to access and manipulate the clipboard, which may lead to unauthorized access to sensitive information.
Which versions of software are affected by CVE-2004-0908?
CVE-2004-0908 affects various versions of Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8.
What is the recommended way to mitigate CVE-2004-0908?
To mitigate CVE-2004-0908, users should update their Mozilla Firefox and Thunderbird software to the latest versions available.
What should I verify after updating to resolve CVE-2004-0908?
After updating, users should verify that the clipboard access restrictions are properly enforced in the latest versions of their software.
How does CVE-2004-0908 impact user privacy?
CVE-2004-0908 poses a risk to user privacy by enabling malicious scripts to read or overwrite clipboard data, potentially exposing sensitive information.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- vendor/mozilla
- product/mozilla
- canonical/mozilla mozilla
- product/thunderbird
- canonical/mozilla thunderbird
- agent/software-canonical-lookup-request
- collector/nvd-index
- canonical/mozilla firefox
- version/mozilla firefox/1.4.2
- version/mozilla firefox/0.9.5
- canonical/thunderbird
- version/thunderbird/0.6
- version/thunderbird/0.7.2
- version/mozilla firefox/0.9.35
- version/thunderbird/0.3
- version/mozilla firefox/0.9.3
- version/mozilla firefox/1.0.1
- version/mozilla firefox/1.7-alpha
- version/thunderbird/0.2
- version/mozilla firefox/0.9.48
- version/mozilla firefox/1.7-rc1
- version/mozilla firefox/1.2.1
- version/mozilla firefox/1.0-rc1
- version/mozilla firefox/1.2-alpha
- version/mozilla firefox/1.7
- version/mozilla firefox/0.9.7
- version/mozilla firefox/1.1-beta
- version/mozilla firefox/1.0-rc2
- version/mozilla firefox/0.9.2.1
- version/mozilla firefox/1.4.1
- version/mozilla firefox/1.4-beta
- version/mozilla firefox/1.2
- version/mozilla firefox/0.9.2
- version/mozilla firefox/1.4.4
- version/mozilla firefox/1.3
- version/mozilla firefox/1.2-beta
- version/mozilla firefox/1.0
- version/mozilla firefox/1.7-beta
- version/mozilla firefox/0.9.8
- version/mozilla firefox/1.4
- version/mozilla firefox/1.5
- version/mozilla firefox/0.9.4
- version/thunderbird/0.5
- version/mozilla firefox/1.7.1
- version/mozilla firefox/1.4-alpha
- version/thunderbird/0.4
- version/thunderbird/0.7
- version/mozilla firefox/0.9.6
- version/mozilla firefox/1.5.1
- version/mozilla firefox/1.1
- version/mozilla firefox/1.1-alpha
- version/mozilla firefox/0.9.4.1
- version/mozilla firefox/0.8
- version/mozilla firefox/1.7.2
- version/thunderbird/0.1
- version/mozilla firefox/1.0.2
- version/mozilla firefox/1.7-rc3
- version/thunderbird/0.7.1
- version/mozilla firefox/1.7-rc2
- version/mozilla firefox/1.3.1
- version/mozilla firefox/0.9.9
- version/mozilla firefox/1.6