CVE-2004-0779

Sažetak

The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.

Reference

http://bugzilla.mozilla.org/show_bug.cgi?id=226278
http://www.mandriva.com/security/advisories?name=MDKSA-2004:082
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7
https://exchange.xforce.ibmcloud.com/vulnerabilities/17018

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-07-2017 - 01:30

Objavljeno

18-08-2004 - 04:00