Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0779

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-0779
Last Modified 18 Jul 2013 12:32:45
Published 18 Aug 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0779

Summary

The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.

Vulnerable Systems

Application

  • Firebirdsql Firebird 0.7

  • Mozilla 1.6

  • Mozilla Firefox 0.8


References

XF - mozilla-plaintext-password(17018)

CONFIRM - http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7

CONFIRM - http://bugzilla.mozilla.org/show_bug.cgi?id=226278

MANDRAKE - MDKSA-2004:082


Last Updated: 27 May 2016 10:38:45