Windows : Mozilla/Firefox default installation file permission flaw

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.15432

Kategorie: Windows

Titel: Mozilla/Firefox default installation file permission flaw

Zusammenfassung: The remote host is using Mozilla and/or Firefox, an alternative web browser.; The remote version of this software is prone to an improper file permission; setting.;; This flaw only exists if the browser is installed by the Mozilla Foundation; package management, thus this alert might be a false positive.;; A local attacker could overwrite arbitrary files or execute arbitrary code in; the context of the user running the browser.

Beschreibung: Summary:
The remote host is using Mozilla and/or Firefox, an alternative web browser.
The remote version of this software is prone to an improper file permission
setting.

This flaw only exists if the browser is installed by the Mozilla Foundation
package management, thus this alert might be a false positive.

A local attacker could overwrite arbitrary files or execute arbitrary code in
the context of the user running the browser.

Solution:
Update to the latest version of the software

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2004-0906
BugTraq ID: 11192
http://www.securityfocus.com/bid/11192
CERT/CC vulnerability note: VU#653160
http://www.kb.cert.org/vuls/id/653160
http://security.gentoo.org/glsa/glsa-200409-26.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11668
http://www.redhat.com/support/errata/RHSA-2005-323.html
http://secunia.com/advisories/12526/
SuSE Security Announcement: SUSE-SA:2004:036 (Google Search)
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
XForce ISS Database: mozilla-insecure-file-permissions(17375)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17375

Copyright Copyright (C) 2004 David Maciejak

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.15432
Kategorie:	Windows
Titel:	Mozilla/Firefox default installation file permission flaw
Zusammenfassung:	The remote host is using Mozilla and/or Firefox, an alternative web browser.; The remote version of this software is prone to an improper file permission; setting.;; This flaw only exists if the browser is installed by the Mozilla Foundation; package management, thus this alert might be a false positive.;; A local attacker could overwrite arbitrary files or execute arbitrary code in; the context of the user running the browser.
Beschreibung:	Summary: The remote host is using Mozilla and/or Firefox, an alternative web browser. The remote version of this software is prone to an improper file permission setting. This flaw only exists if the browser is installed by the Mozilla Foundation package management, thus this alert might be a false positive. A local attacker could overwrite arbitrary files or execute arbitrary code in the context of the user running the browser. Solution: Update to the latest version of the software CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0906 BugTraq ID: 11192 http://www.securityfocus.com/bid/11192 CERT/CC vulnerability note: VU#653160 http://www.kb.cert.org/vuls/id/653160 http://security.gentoo.org/glsa/glsa-200409-26.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11668 http://www.redhat.com/support/errata/RHSA-2005-323.html http://secunia.com/advisories/12526/ SuSE Security Announcement: SUSE-SA:2004:036 (Google Search) http://www.novell.com/linux/security/advisories/2004_36_mozilla.html XForce ISS Database: mozilla-insecure-file-permissions(17375) https://exchange.xforce.ibmcloud.com/vulnerabilities/17375
Copyright	Copyright (C) 2004 David Maciejak