Vulnerability CVE-2005-0142

Vulnerability Name:

CVE-2005-0142 (CCN-17832)

Assigned:

2004-10-24

Published:

2004-10-24

Updated:

2017-10-11

Summary:

Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: Full-Disclosure Mailing List, Sun Oct 24 2004 - 16:09:05 CDT
Mozilla Thunderbird 0.8 / Firefox 0.9.3 temporary files (local)

Source: CCN
Type: broadcast Advisories 008
Mozilla Thunderbird 0.8 / Firefox 0.9.3 temporary files (local)

Source: MITRE
Type: CNA
CVE-2005-0142

Source: CCN
Type: RHSA-2005-335
mozilla security update

Source: CCN
Type: RHSA-2005-384
Mozilla security update

Source: SECUNIA
Type: UNKNOWN
19823

Source: CCN
Type: MFSA 2005-02
Opened attachments are temporarily saved world-readable

Source: CONFIRM
Type: Vendor Advisory
http://www.mozilla.org/security/announce/mfsa2005-02.html

Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:004

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2005:335

Source: REDHAT
Type: UNKNOWN
RHSA-2005:384

Source: CCN
Type: BID-11522
Mozilla Temporary File Insecure Permissions Information Disclosure Vulnerability

Source: CCN
Type: USN-149-3
Ubuntu 4.10 update for Firefox vulnerabilities

Source: CCN
Type: Bugzilla Bug #251297
files in /tmp world readable (email attachments, helper app docs)

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.mozilla.org/show_bug.cgi?id=251297

Source: XF
Type: UNKNOWN
mozilla-world-readable(17832)

Source: XF
Type: UNKNOWN
mozilla-world-readable(17832)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:100056

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9543

Source: SUSE
Type: SUSE-SA:2006:022
MozillaThunderbird various problems

Vulnerable Configuration:

Configuration 1:

cpe:/a:mozilla:firefox:0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.7:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.7:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20050142	V	CVE-2005-0142	2015-11-16
oval:org.mitre.oval:def:9543	V	Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.	2013-04-29
oval:org.mitre.oval:def:100056	V	Mozilla Creates World-readable temp Files	2007-05-09
oval:com.redhat.rhsa:def:20050384	P	RHSA-2005:384: Mozilla security update (Important)	2005-04-28
oval:com.redhat.rhsa:def:20050335	P	RHSA-2005:335: mozilla security update (Critical)	2005-03-23

BACK