Vulnerability Note VU#653160
Mozilla Linux installer does not properly set file permissions
Mozilla's Linux installers may not properly set file permissions on the installed program files. A local user may then be able to modify or replace these files with malicious versions.
Some versions of Mozilla's Linux installer may create installation and program files with global read and write permissions. A local user may then be able to modify or replace these files with malicious versions.
A local user may modify files, or replace files with malicious versions.
This vulnerability is resolved in Firefox Preview Release, Mozilla 1.7.3, and Thunderbird 0.8.
As a workaround for older versions, modify the installed files permissions using chmod.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Mozilla||Affected||-||17 Sep 2004|
CVSS Metrics (Learn More)
Thanks to Daniel Koukola for reporting this vulnerability.
This document was written by Jason A Rafail.
- CVE IDs: Unknown
- Date Public: 14 Sep 2004
- Date First Published: 17 Sep 2004
- Date Last Updated: 17 Sep 2004
- Severity Metric: 10.55
- Document Revision: 10
If you have feedback, comments, or additional information about this vulnerability, please send us email.