Oval Definition:oval:org.mitre.oval:def:100041
Revision Date:2007-05-09Version:5
Title:Mozilla 'user:pass@host' Spoofing Vulnerability
Description:The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2005-0590
Platform(s):Microsoft Windows 2000
Microsoft Windows NT
Microsoft Windows Server 2003
Microsoft Windows XP
Product(s):mozilla
Mozilla Firefox
Mozilla Thunderbird
Definition Synopsis
  • Mozilla Firefox version 1.0 or earlier is installed
  • Firefox version 1.0 or earlier is installed
  • AND Mozilla Firefox version 1.0 or earlier is installed
  • OR Mozilla Thunderbird version 1.0 or earlier is installed
  • Mozilla Thunderbird version 1.0 or earlier is installed
  • AND Mozilla Thunderbird version 1.0 or earlier is installed
  • OR Mozilla Suite version 1.7.5 or earlier is installed
  • Mozilla Suite version 1.7.5 or earlier is installed
  • AND Mozilla Suite version 1.7.5 or earlier is installed
    • BACK