New Search

Mozilla 'user:pass@host' Spoofing Vulnerability

oval:org.mitre.oval:def:100041

The installation confirmation dialog in Firefox before 1.0.1 Thunderbird before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL which appears before the real hostname.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows XP
  • Microsoft Windows Server 2003
  • Microsoft Windows 2000
  • Microsoft Windows NT
Class:
vulnerability
Reference(s):
  • CVE-2005-0590
Product(s):
  • Mozilla Firefox
  • Mozilla Thunderbird
  • mozilla