CVE-2005-0590

Sažetak

The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.

Reference

http://secunia.com/advisories/19823
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
http://www.mozilla.org/security/announce/mfsa2005-17.html
http://www.novell.com/linux/security/advisories/2006_04_25.html
http://www.redhat.com/support/errata/RHSA-2005-176.html
http://www.redhat.com/support/errata/RHSA-2005-384.html
http://www.securityfocus.com/bid/12659
https://bugzilla.mozilla.org/show_bug.cgi?id=268059
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100041
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10010

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-10-2017 - 01:29

Objavljeno

02-05-2005 - 04:00