CVE-2005-0590
First published: Mon Feb 28 2005(Updated: )
The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Thunderbird | =0.6 | |
| Firefox | =0.8 | |
| Thunderbird | =0.7.2 | |
| Thunderbird | =0.3 | |
| Mozilla Firefox | =1.7-alpha | |
| Thunderbird | =0.2 | |
| Mozilla Firefox | =1.7-rc1 | |
| Mozilla Firefox | =1.5-rc2 | |
| Mozilla Firefox | =1.7 | |
| Firefox | =0.9.1 | |
| Mozilla Firefox | =1.7.5 | |
| Firefox | =0.10.1 | |
| Thunderbird | =1.0 | |
| Firefox | =0.9 | |
| Mozilla Firefox | =1.6-beta | |
| Mozilla Firefox | =1.4.1 | |
| Mozilla Firefox | =1.5-alpha | |
| Mozilla Firefox | =1.5-rc1 | |
| Mozilla Firefox | =1.3 | |
| Firefox | =1.0 | |
| Mozilla Firefox | =1.7-beta | |
| Mozilla Firefox | =1.4 | |
| Mozilla Firefox | =1.5 | |
| Thunderbird | =0.5 | |
| Thunderbird | =0.9 | |
| Mozilla Firefox | =1.7.1 | |
| Thunderbird | =0.7.3 | |
| Firefox | =0.9.3 | |
| Mozilla Firefox | =1.4-alpha | |
| Thunderbird | =0.4 | |
| Thunderbird | =0.7 | |
| Mozilla Firefox | =1.5.1 | |
| Firefox | =0.9.2 | |
| Mozilla Firefox | =1.7.2 | |
| Thunderbird | =0.1 | |
| Firefox | =0.9-rc | |
| Mozilla Firefox | =1.7-rc3 | |
| Thunderbird | =0.7.1 | |
| Thunderbird | =0.8 | |
| Mozilla Firefox | =1.7-rc2 | |
| Firefox | =0.10 | |
| Mozilla Firefox | =1.7.3 | |
| Mozilla Firefox | =1.6-alpha | |
| Mozilla Firefox | =1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/mfsa2005-17.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=268059
- http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
- http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
- http://www.redhat.com/support/errata/RHSA-2005-176.html
- http://www.redhat.com/support/errata/RHSA-2005-384.html
- http://secunia.com/advisories/19823
- http://www.securityfocus.com/bid/12659
- http://www.novell.com/linux/security/advisories/2006_04_25.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10010
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100041
Frequently Asked Questions
What is the severity of CVE-2005-0590?
CVE-2005-0590 is classified as a moderate severity vulnerability.
How do I fix CVE-2005-0590?
To fix CVE-2005-0590, update your Firefox or Thunderbird to version 1.0.1 or later.
What types of software are affected by CVE-2005-0590?
CVE-2005-0590 affects multiple versions of Mozilla Firefox and Thunderbird prior to version 1.0.1 and Mozilla prior to version 1.7.6.
What kind of attack does CVE-2005-0590 enable?
CVE-2005-0590 allows remote attackers to spoof the hostname when performing installations.
When was CVE-2005-0590 disclosed?
CVE-2005-0590 was disclosed in March 2005.
- agent/type
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/thunderbird
- version/thunderbird/0.6
- canonical/firefox
- version/firefox/0.8
- version/thunderbird/0.7.2
- version/thunderbird/0.3
- canonical/mozilla firefox
- version/mozilla firefox/1.7-alpha
- version/thunderbird/0.2
- version/mozilla firefox/1.7-rc1
- version/mozilla firefox/1.5-rc2
- version/mozilla firefox/1.7
- version/firefox/0.9.1
- version/mozilla firefox/1.7.5
- version/firefox/0.10.1
- version/thunderbird/1.0
- version/firefox/0.9
- version/mozilla firefox/1.6-beta
- version/mozilla firefox/1.4.1
- version/mozilla firefox/1.5-alpha
- version/mozilla firefox/1.5-rc1
- version/mozilla firefox/1.3
- version/firefox/1.0
- version/mozilla firefox/1.7-beta
- version/mozilla firefox/1.4
- version/mozilla firefox/1.5
- version/thunderbird/0.5
- version/thunderbird/0.9
- version/mozilla firefox/1.7.1
- version/thunderbird/0.7.3
- version/firefox/0.9.3
- version/mozilla firefox/1.4-alpha
- version/thunderbird/0.4
- version/thunderbird/0.7
- version/mozilla firefox/1.5.1
- version/firefox/0.9.2
- version/mozilla firefox/1.7.2
- version/thunderbird/0.1
- version/firefox/0.9-rc
- version/mozilla firefox/1.7-rc3
- version/thunderbird/0.7.1
- version/thunderbird/0.8
- version/mozilla firefox/1.7-rc2
- version/firefox/0.10
- version/mozilla firefox/1.7.3
- version/mozilla firefox/1.6-alpha
- version/mozilla firefox/1.6