Vulnerabilities > CVE-2004-0648 - Unspecified vulnerability in Mozilla Firefox, Mozilla and Thunderbird
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol.
Vulnerable Configurations
Exploit-Db
description | Mozilla 1.7 External Protocol Handler Weakness. CVE-2004-0648. Remote exploit for windows platform |
id | EDB-ID:24263 |
last seen | 2016-02-02 |
modified | 2004-07-08 |
published | 2004-07-08 |
reporter | Keith McCanless |
source | https://www.exploit-db.com/download/24263/ |
title | Mozilla 1.7 External Protocol Handler Weakness |
Nessus
NASL family | Windows |
NASL id | MOZILLA_FIREFOX_CODE_EXEC.NASL |
description | The remote host is using Mozilla and/or Firefox, a web browser. The remote version of this software contains a weakness that could allow an attacker to execute arbitrary commands on the remote host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 12642 |
published | 2004-07-09 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/12642 |
title | Mozilla Browsers shell: URI Arbitrary Command Execution |
code |
|
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023573.html
- http://marc.info/?l=bugtraq&m=108938712815719&w=2
- http://secunia.com/advisories/12027
- http://www.ciac.org/ciac/bulletins/o-175.shtml
- http://www.kb.cert.org/vuls/id/927014
- http://www.mozilla.org/projects/security/known-vulnerabilities.html
- http://www.mozilla.org/security/shell.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16655