Vulnerability Details : CVE-2004-2657
Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of Firefox, as reported for the list of Passwords Never Saved web sites. NOTE: The vendor has disputed this issue, stating that "The uninstaller is primarily there to uninstall the application. It is not there to uninstall user data. For the moment I will stick by my module-owner decision.
Products affected by CVE-2004-2657
- cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-2657
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-2657
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.7
|
LOW | AV:L/AC:L/Au:S/C:P/I:N/A:N |
3.1
|
2.9
|
NIST |
References for CVE-2004-2657
-
https://bugzilla.mozilla.org/show_bug.cgi?id=330884
330884 - When different users on one system choose to save or not save passwords for sites, any other user can see sites they not only saved passwords for but can also see what other users have been s
-
https://bugzilla.mozilla.org/show_bug.cgi?id=234680
234680 - Uninstall should give the option to remove profile data
-
http://www.securityfocus.com/archive/1/431021/100/0/threaded
-
http://www.securityfocus.com/archive/1/431063/100/0/threaded
Jump to