Test ID:	1.3.6.1.4.1.25623.1.0.15432
Category:	Windows
Title:	Mozilla/Firefox default installation file permission flaw
Summary:	The remote host is using Mozilla and/or Firefox, an alternative web browser.; The remote version of this software is prone to an improper file permission; setting.;; This flaw only exists if the browser is installed by the Mozilla Foundation; package management, thus this alert might be a false positive.;; A local attacker could overwrite arbitrary files or execute arbitrary code in; the context of the user running the browser.
Description:	Summary: The remote host is using Mozilla and/or Firefox, an alternative web browser. The remote version of this software is prone to an improper file permission setting. This flaw only exists if the browser is installed by the Mozilla Foundation package management, thus this alert might be a false positive. A local attacker could overwrite arbitrary files or execute arbitrary code in the context of the user running the browser. Solution: Update to the latest version of the software CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0906 BugTraq ID: 11192 http://www.securityfocus.com/bid/11192 CERT/CC vulnerability note: VU#653160 http://www.kb.cert.org/vuls/id/653160 http://security.gentoo.org/glsa/glsa-200409-26.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11668 http://www.redhat.com/support/errata/RHSA-2005-323.html http://secunia.com/advisories/12526/ SuSE Security Announcement: SUSE-SA:2004:036 (Google Search) http://www.novell.com/linux/security/advisories/2004_36_mozilla.html XForce ISS Database: mozilla-insecure-file-permissions(17375) https://exchange.xforce.ibmcloud.com/vulnerabilities/17375
Copyright	Copyright (C) 2004 David Maciejak

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.