CVE-2004-0907

CVE Database · CVE-2004-0907

CVE-2004-0907

· N/AModified

CVSS v3.1

N/A

EPSS

0.42%

Published

Dec 31, 2004

Modified

Apr 15, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code.

Affected Products (53)

mozilla · mozillavulnerable

· mozilla

References (8)

http://bugzilla.mozilla.org/show_bug.cgi?id=254303

Patch

http://security.gentoo.org/glsa/glsa-200409-26.xml

http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3

https://exchange.xforce.ibmcloud.com/vulnerabilities/17373