CVE-2004-0779
First published: Sat Aug 14 2004(Updated: )
The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | =0.8 | |
| FirebirdSQL | =0.7 | |
| Mozilla Mozilla | =1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-0779?
CVE-2004-0779 is considered a moderate severity vulnerability as it allows cached passwords to be sent in cleartext.
How do I fix CVE-2004-0779?
To mitigate CVE-2004-0779, users should upgrade to a more secure version of the affected browsers, such as Mozilla 1.7 or later.
Which browsers are affected by CVE-2004-0779?
CVE-2004-0779 affects Mozilla 1.6, Firebird 0.7, and Firefox 0.8 web browsers.
What are the consequences of exploiting CVE-2004-0779?
Exploitation of CVE-2004-0779 can allow attackers to capture cached passwords sent to spoofed sites.
Is CVE-2004-0779 still relevant today?
CVE-2004-0779 is less relevant today due to many users now operating more secure, updated browsers.
- agent/references
- agent/type
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/0.8
- vendor/firebirdsql
- canonical/firebirdsql
- version/firebirdsql/0.7
- canonical/mozilla mozilla
- version/mozilla mozilla/1.6