New Search

Mozilla 'user:pass@host' Spoofing Vulnerability

oval:org.mitre.oval:def:100041

The installation confirmation dialog in Firefox before 1.0.1 Thunderbird before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL which appears before the real hostname.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows NT
  • Microsoft Windows Server 2003
  • Microsoft Windows XP
  • Microsoft Windows 2000
Class:
vulnerability
Reference(s):
  • CVE-2005-0590
Product(s):
  • Mozilla Firefox
  • mozilla
  • Mozilla Thunderbird