Test ID: | 1.3.6.1.4.1.25623.1.0.14181 |
Category: | Windows |
Title: | Mozilla/Firefox user interface spoofing |
Summary: | The remote host is using Mozilla and/or Firefox, an alternative web browser. This web browser supports the XUL (XML User Interface Language), a language designed to manipulate the user interface of the browser itself. Since XUL gives the full control of the browser GUI to the visited websites, an attacker may use it to spoof a third party website and therefore pretend that the URL and Certificates of the website are legitimate. In addition to this, the remote version of this browser is vulnerable to a flaw which may allow a malicious web site to spoof security properties such as SSL certificates and URIs. |
Solution: | None at this time |
CVSS Score: | 10.0 |
CVSS Vector: | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-0763
BugTraq ID: 15495
http://www.securityfocus.com/bid/15495
Bugtraq: 20040726 Mozilla Firefox Certificate Spoofing
http://marc.info/?l=bugtraq&m=109087067730938&w=2
http://marc.info/?l=bugtraq&m=109900315219363&w=2
http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/024372.html
http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml
http://www.cipher.org.uk/index.php?p=advisories/Certificate_Spoofing_Mozilla_FireFox_25-07-2004.advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3989
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9436
http://www.redhat.com/support/errata/RHSA-2004-421.html
SCO Security Bulletin: SCOSA-2005.49
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://secunia.com/advisories/12160/
SuSE Security Announcement: SUSE-SA:2004:036
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
XForce ISS Database: mozilla-ssl-certificate-spoofing(16796)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16796

Common Vulnerability Exposure (CVE) ID: CVE-2004-0764
BugTraq ID: 10832
http://www.securityfocus.com/bid/10832
CERT/CC vulnerability note: VU#262350
http://www.kb.cert.org/vuls/id/262350
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2418
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9419
http://secunia.com/advisories/12188
XForce ISS Database: mozilla-user-interface-spoofing(16837)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16837 |
Copyright | Copyright (C) 2004 David Maciejak |