Required CVE Record Information
Description
The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.
References 11 Total
- securityfocus.com: 12659 vdb-entry
- secunia.com: 19823 third-party-advisory
- http://www.mozilla.org/security/announce/mfsa2005-17.html
- oval.cisecurity.org: oval:org.mitre.oval:def:100041 vdb-entry, signature
- https://bugzilla.mozilla.org/show_bug.cgi?id=268059
- oval.cisecurity.org: oval:org.mitre.oval:def:10010 vdb-entry, signature
- redhat.com: RHSA-2005:176 vendor-advisory
- redhat.com: RHSA-2005:384 vendor-advisory
- gentoo.org: GLSA-200503-30 vendor-advisory
- gentoo.org: GLSA-200503-10 vendor-advisory
- novell.com: SUSE-SA:2006:022 vendor-advisory
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 11 Total
- securityfocus.com: 12659 vdb-entry, x_transferred
- secunia.com: 19823 third-party-advisory, x_transferred
- http://www.mozilla.org/security/announce/mfsa2005-17.html x_transferred
- oval.cisecurity.org: oval:org.mitre.oval:def:100041 vdb-entry, signature, x_transferred
- https://bugzilla.mozilla.org/show_bug.cgi?id=268059 x_transferred
- oval.cisecurity.org: oval:org.mitre.oval:def:10010 vdb-entry, signature, x_transferred
- redhat.com: RHSA-2005:176 vendor-advisory, x_transferred
- redhat.com: RHSA-2005:384 vendor-advisory, x_transferred
- gentoo.org: GLSA-200503-30 vendor-advisory, x_transferred
- gentoo.org: GLSA-200503-10 vendor-advisory, x_transferred
- novell.com: SUSE-SA:2006:022 vendor-advisory, x_transferred