Vulnerability CVE-2004-0760

Vulnerability Name:

CVE-2004-0760 (CCN-16691)

Assigned:

2004-07-11

Published:

2004-07-11

Updated:

2017-10-11

Summary:

Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI.

CVSS v3 Severity:

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

File Manipulation

References:

Source: SCO
Type: UNKNOWN
SCOSA-2005.49

Source: CCN
Type: BugTraq Mailing List, Tue Jul 13 2004 - 05:16:32 CDT
Two Vulnerabilities in Mozilla may lead to remote compromise

Source: CCN
Type: BugTraq Mailing List, Tue Jul 13 2004 - 12:01:03 CDT
Re: Two Vulnerabilities in Mozilla may lead to remote compromise

Source: CONFIRM
Type: Patch, Vendor Advisory
http://bugzilla.mozilla.org/show_bug.cgi?id=250906

Source: MITRE
Type: CNA
CVE-2004-0760

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2004:877
New upstream for mozilla

Source: FEDORA
Type: UNKNOWN
FLSA:2089

Source: CCN
Type: RHSA-2004-421
mozilla security update

Source: CCN
Type: Slackware Security Advisories Tue, 10 Aug 2004 14:17:12 -0700 (PDT)
[slackware-security] Mozilla (SSA:2004-223-01)

Source: CCN
Type: Sun Alert ID: 57701
Multiple Security Vulnerabilities in Mozilla

Source: CCN
Type: CIAC Information Bulletin O-195
Mozilla Updated Security Packages

Source: CCN
Type: CIAC Information Bulletin P-069
Sun - Multiple Mozilla Vulnerabilities

Source: SUSE
Type: UNKNOWN
SUSE-SA:2004:036

Source: REDHAT
Type: UNKNOWN
RHSA-2004:421

Source: CCN
Type: BID-10709
Mozilla Browser Cache File Multiple Vulnerabilities

Source: BID
Type: UNKNOWN
15495

Source: CCN
Type: BID-15495
SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released - Multiple Vulnerabilities Fixed

Source: XF
Type: UNKNOWN
mozilla-modify-mime-type(16691)

Source: XF
Type: UNKNOWN
mozilla-modify-mime-type(16691)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11090

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1227

Source: SUSE
Type: SUSE-SA:2004:030
apache2: remote DoS condition

Source: SUSE
Type: SUSE-SA:2004:031
cups: remote code execution

Source: SUSE
Type: SUSE-SA:2004:035
samba: remote file disclosure

Source: SUSE
Type: SUSE-SA:2004:036
mozilla: various vulnerabilities

Vulnerable Configuration:

Configuration 1:

cpe:/a:mozilla:mozilla:*:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*

AND

cpe:/o:sun:solaris:8::sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*

OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*

OR cpe:/o:slackware:slackware_linux:current:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*

OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:*

OR cpe:/o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20040760	V	CVE-2004-0760	2015-11-16
oval:org.mitre.oval:def:11090	V	Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI.	2013-04-29
oval:org.mitre.oval:def:1227	V	Mozilla FTP URI MIME Type Exploit Vulnerability	2005-03-09
oval:com.redhat.rhsa:def:20040421	P	RHSA-2004:421: mozilla security update (Critical)	2004-08-04

BACK