PT-2004-1736 · Mozilla · Thunderbird+2

Published

2004-07-13

Updated

2017-07-11

CVE-2004-0648

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Mozilla (Suite) versions prior to 1.7.1 Firefox versions prior to 0.9.2 Thunderbird versions prior to 0.7.2

Description The issue allows remote attackers to launch arbitrary programs via a URI referencing the shell: protocol.

Recommendations For Mozilla (Suite) versions prior to 1.7.1, update to version 1.7.1 or later. For Firefox versions prior to 0.9.2, update to version 0.9.2 or later. For Thunderbird versions prior to 0.7.2, update to version 0.7.2 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-0648

Affected Products

Firefox

Mozilla Firefox

Thunderbird

PT-2004-1736 · Mozilla · Thunderbird+2

CVE-2004-0648

Related Identifiers

Affected Products

References · 10