CVE-2004-0906 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2004-0906 Interim 1 3 2021-06-09T08:31:48Z current 2021-05-30T12:30:41Z 2021-06-09T08:31:48Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2004-0906 The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code. CVE-2004-0906 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P