CVE-2004-1450
Description
LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files on the user's filesystem.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files on the user's filesystem.
Vulnerability
The vulnerability resides in LiveConnect's security context handling within Mozilla 1.7 beta. A regression introduced by the patch for bug 146458 in nsCSecurityContext.cpp's Implies method allows Java applets to bypass security checks and read arbitrary files. [1]
Exploitation
An attacker can host a malicious web page containing a Java applet that uses LiveConnect to read files. No special privileges or user interaction beyond visiting the page are required. The applet can read any file at a known location on the user's filesystem. [1]
Impact
Successful exploitation allows the attacker to read any file on the user's filesystem that the user can access, leading to unauthorized information disclosure. [1]
Mitigation
The issue was fixed in Mozilla 1.7 final by backing out part of the patch for bug 146458. [1] Users should upgrade to Mozilla 1.7 final or later to mitigate the vulnerability. [2]
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*
- (no CPE)range: = 1.7 beta
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.