| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.0 | $0-$5k | 0.00 |
Summary
A vulnerability marked as problematic has been reported in Mozilla Firefox 0.9. This vulnerability affects unknown code. This manipulation causes race condition. The identification of this vulnerability is CVE-2005-0142. The attack needs to be done within the local network. Furthermore, there is an exploit available. Applying a patch is the recommended action to fix this issue.
Details
A vulnerability has been found in Mozilla Firefox 0.9 (Web Browser) and classified as problematic. Affected by this vulnerability is an unknown code. The manipulation with an unknown input leads to a race condition vulnerability. The CWE definition for the vulnerability is CWE-362. The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF.
The bug was discovered 10/24/2004. The weakness was shared 10/25/2004 by Martin (Website). The advisory is shared at broadcast.ptraced.net. This vulnerability is known as CVE-2005-0142 since 01/25/2005. The attack needs to be initiated within the local network. The exploitation doesn't need any form of authentication. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.
It is possible to download the exploit at broadcast.ptraced.net. It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 21930 (CentOS 3 : mozilla (CESA-2005:384)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CentOS Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 117973 (CentOS Security Update for Mozilla (CESA-2005:384)).
Applying a patch is able to eliminate this problem. The bugfix is ready for download at bugzilla.mozilla.org. A possible mitigation has been published 7 months after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (17832), Tenable (21930), SecurityFocus (BID 11522†), OSVDB (11118†) and Secunia (SA19823†). Additional details are provided at bugzilla.mozilla.org. The entries VDB-921, VDB-1115, VDB-1185 and VDB-1175 are related to this item. If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.mozilla.org/
- Product: https://www.mozilla.org/en-US/firefox/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.5VulDB Meta Temp Score: 5.0
VulDB Base Score: 5.5
VulDB Temp Score: 5.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Race conditionCWE: CWE-362
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 21930
Nessus Name: CentOS 3 : mozilla (CESA-2005:384)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: bugzilla.mozilla.org
Timeline
10/24/2004 🔍10/24/2004 🔍
10/25/2004 🔍
10/25/2004 🔍
10/26/2004 🔍
01/25/2005 🔍
04/03/2005 🔍
04/28/2005 🔍
05/02/2005 🔍
04/26/2006 🔍
07/05/2006 🔍
06/30/2019 🔍
Sources
Vendor: mozilla.orgProduct: mozilla.org
Advisory: broadcast.ptraced.net
Researcher: Martin
Status: Not defined
Confirmation: 🔍
CVE: CVE-2005-0142 (🔍)
GCVE (CVE): GCVE-0-2005-0142
GCVE (VulDB): GCVE-100-949
OVAL: 🔍
X-Force: 17832 - Mozilla, Thunderbird, and Firefox files are world-readable, Medium Risk
SecurityFocus: 11522 - Mozilla Temporary File Insecure Permissions Information Disclosure Vulnerability
Secunia: 19823 - SUSE update for MozillaThunderbird, Highly Critical
OSVDB: 11118 - CVE-2005-0142 - Mozilla - Firefox and Thunderbird - Information-disclosure Issue
SecuriTeam: securiteam.com
Vulnerability Center: 7471 - Mozilla Browser, Firefox and Thunderbird Allow Reading Files via Insecure Permissions, Low
Misc.: 🔍
See also: 🔍
Entry
Created: 10/26/2004 13:15Updated: 06/30/2019 07:18
Changes: 10/26/2004 13:15 (95), 06/30/2019 07:18 (4)
Complete: 🔍
Cache ID: 216:0DD:103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.