CVE-2005-0584

Sažetak

Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.

Reference

http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
http://www.mozilla.org/security/announce/mfsa2005-24.html
http://www.redhat.com/support/errata/RHSA-2005-176.html
http://www.redhat.com/support/errata/RHSA-2005-384.html
https://bugzilla.mozilla.org/show_bug.cgi?id=277574
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100034
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11191

CVSS

Base:	2.6
Impact:	2.9
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:H/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-10-2017 - 01:29

Objavljeno

02-05-2005 - 04:00