CVE-2004-0764 - OpenCVE

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Mozilla	Mozilla Firefox Thunderbird

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:mozilla::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

References

Link	Resource
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://bugzilla.mozilla.org/show_bug.cgi?id=244965	Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=109900315219363&w=2
http://secunia.com/advisories/12188
http://www.kb.cert.org/vuls/id/262350	US Government Resource
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
http://www.redhat.com/support/errata/RHSA-2004-421.html
http://www.securityfocus.com/bid/10832
http://www.securityfocus.com/bid/15495
https://exchange.xforce.ibmcloud.com/vulnerabilities/16837
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2418
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9419

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2004-08-03T04:00:00

Updated: 2017-10-10T00:57:01

Reserved: 2004-08-02T00:00:00

Link: CVE-2004-0764

JSON object: View

NVD Information

Status : Modified

Published: 2004-08-18T04:00:00.000

Modified: 2017-10-11T01:29:32.980

Link: CVE-2004-0764

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-07-30T00:00:00", "descriptions": [{"lang": "en", "value": "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the \"chrome\" flag and XML User Interface Language (XUL) files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "12188", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/12188"}, {"name": "mozilla-user-interface-spoofing(16837)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16837"}, {"name": "SCOSA-2005.49", "tags": ["vendor-advisory", "x_refsource_SCO"], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"}, {"name": "SUSE-SA:2004:036", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"}, {"name": "RHSA-2004:421", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7"}, {"name": "FLSA:2089", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://marc.info/?l=bugtraq&m=109900315219363&w=2"}, {"name": "oval:org.mitre.oval:def:2418", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2418"}, {"name": "15495", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15495"}, {"name": "VU#262350", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/262350"}, {"name": "10832", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/10832"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=244965"}, {"name": "oval:org.mitre.oval:def:9419", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9419"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0764", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the \"chrome\" flag and XML User Interface Language (XUL) files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "12188", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12188"}, {"name": "mozilla-user-interface-spoofing(16837)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16837"}, {"name": "SCOSA-2005.49", "refsource": "SCO", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"}, {"name": "SUSE-SA:2004:036", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"}, {"name": "RHSA-2004:421", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html"}, {"name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", "refsource": "CONFIRM", "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7"}, {"name": "FLSA:2089", "refsource": "FEDORA", "url": "http://marc.info/?l=bugtraq&m=109900315219363&w=2"}, {"name": "oval:org.mitre.oval:def:2418", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2418"}, {"name": "15495", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15495"}, {"name": "VU#262350", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/262350"}, {"name": "10832", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10832"}, {"name": "http://bugzilla.mozilla.org/show_bug.cgi?id=244965", "refsource": "CONFIRM", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=244965"}, {"name": "oval:org.mitre.oval:def:9419", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9419"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0764", "datePublished": "2004-08-03T04:00:00", "dateReserved": "2004-08-02T00:00:00", "dateUpdated": "2017-10-10T00:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF711F75-74B8-4CF6-9580-8B51F5A2F2EF", "versionEndIncluding": "0.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9239E8A-8155-462A-A409-D66FF6B94B04", "versionEndIncluding": "1.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "5723A6C5-70AB-4F54-BCCB-DD3498446AD2", "versionEndIncluding": "0.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the \"chrome\" flag and XML User Interface Language (XUL) files."}, {"lang": "es", "value": "Mozilla anteriores a 1.7, Firefox anteriores a 0.9, y Thunderbird anteriores a 0.7, permiten a sitios web remotos secuestrar el interfaz del usuario mediante la bandera \"chrome\" y ficheros de Interfaz de Usuario XML (XUL)."}], "id": "CVE-2004-0764", "lastModified": "2017-10-11T01:29:32.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-08-18T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=244965"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=109900315219363&w=2"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/12188"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/262350"}, {"source": "cve@mitre.org", "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/10832"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15495"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16837"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2418"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9419"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}