CVE-2005-0590
First published: Mon Feb 28 2005(Updated: )
The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Thunderbird | =0.6 | |
| Mozilla Firefox | =0.8 | |
| Mozilla Thunderbird | =0.7.2 | |
| Mozilla Thunderbird | =0.3 | |
| Mozilla Mozilla | =1.7-alpha | |
| Mozilla Thunderbird | =0.2 | |
| Mozilla Mozilla | =1.7-rc1 | |
| Mozilla Mozilla | =1.5-rc2 | |
| Mozilla Mozilla | =1.7 | |
| Mozilla Firefox | =0.9.1 | |
| Mozilla Mozilla | =1.7.5 | |
| Mozilla Firefox | =0.10.1 | |
| Mozilla Thunderbird | =1.0 | |
| Mozilla Firefox | =0.9 | |
| Mozilla Mozilla | =1.6-beta | |
| Mozilla Mozilla | =1.4.1 | |
| Mozilla Mozilla | =1.5-alpha | |
| Mozilla Mozilla | =1.5-rc1 | |
| Mozilla Mozilla | =1.3 | |
| Mozilla Firefox | =1.0 | |
| Mozilla Mozilla | =1.7-beta | |
| Mozilla Mozilla | =1.4 | |
| Mozilla Mozilla | =1.5 | |
| Mozilla Thunderbird | =0.5 | |
| Mozilla Thunderbird | =0.9 | |
| Mozilla Mozilla | =1.7.1 | |
| Mozilla Thunderbird | =0.7.3 | |
| Mozilla Firefox | =0.9.3 | |
| Mozilla Mozilla | =1.4-alpha | |
| Mozilla Thunderbird | =0.4 | |
| Mozilla Thunderbird | =0.7 | |
| Mozilla Mozilla | =1.5.1 | |
| Mozilla Firefox | =0.9.2 | |
| Mozilla Mozilla | =1.7.2 | |
| Mozilla Thunderbird | =0.1 | |
| Mozilla Firefox | =0.9-rc | |
| Mozilla Mozilla | =1.7-rc3 | |
| Mozilla Thunderbird | =0.7.1 | |
| Mozilla Thunderbird | =0.8 | |
| Mozilla Mozilla | =1.7-rc2 | |
| Mozilla Firefox | =0.10 | |
| Mozilla Mozilla | =1.7.3 | |
| Mozilla Mozilla | =1.6-alpha | |
| Mozilla Mozilla | =1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/mfsa2005-17.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=268059
- http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
- http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
- http://www.redhat.com/support/errata/RHSA-2005-176.html
- http://www.redhat.com/support/errata/RHSA-2005-384.html
- http://secunia.com/advisories/19823
- http://www.securityfocus.com/bid/12659
- http://www.novell.com/linux/security/advisories/2006_04_25.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10010
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100041
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/remedy
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/mozilla
- canonical/mozilla thunderbird
- version/mozilla thunderbird/0.6
- canonical/mozilla firefox
- version/mozilla firefox/0.8
- version/mozilla thunderbird/0.7.2
- version/mozilla thunderbird/0.3
- canonical/mozilla mozilla
- version/mozilla mozilla/1.7-alpha
- version/mozilla thunderbird/0.2
- version/mozilla mozilla/1.7-rc1
- version/mozilla mozilla/1.5-rc2
- version/mozilla mozilla/1.7
- version/mozilla firefox/0.9.1
- version/mozilla mozilla/1.7.5
- version/mozilla firefox/0.10.1
- version/mozilla thunderbird/1.0
- version/mozilla firefox/0.9
- version/mozilla mozilla/1.6-beta
- version/mozilla mozilla/1.4.1
- version/mozilla mozilla/1.5-alpha
- version/mozilla mozilla/1.5-rc1
- version/mozilla mozilla/1.3
- version/mozilla firefox/1.0
- version/mozilla mozilla/1.7-beta
- version/mozilla mozilla/1.4
- version/mozilla mozilla/1.5
- version/mozilla thunderbird/0.5
- version/mozilla thunderbird/0.9
- version/mozilla mozilla/1.7.1
- version/mozilla thunderbird/0.7.3
- version/mozilla firefox/0.9.3
- version/mozilla mozilla/1.4-alpha
- version/mozilla thunderbird/0.4
- version/mozilla thunderbird/0.7
- version/mozilla mozilla/1.5.1
- version/mozilla firefox/0.9.2
- version/mozilla mozilla/1.7.2
- version/mozilla thunderbird/0.1
- version/mozilla firefox/0.9-rc
- version/mozilla mozilla/1.7-rc3
- version/mozilla thunderbird/0.7.1
- version/mozilla thunderbird/0.8
- version/mozilla mozilla/1.7-rc2
- version/mozilla firefox/0.10
- version/mozilla mozilla/1.7.3
- version/mozilla mozilla/1.6-alpha
- version/mozilla mozilla/1.6