Vulnerability Name:

CCN-10546

Published:2002-09-18
Updated:2002-09-18
Summary:Mozilla fails to display a warning message when redirecting HTTP using a non-secure Web site. This vulnerability could result in weaker than anticipated security on the system.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Consequences:Configuration
References:Source: CCN
Type: BugTraq Mailing List, Wed Sep 18 2002 - 11:08:52 CDT
Mozilla vulnerabilities, an update

Source: CCN
Type: Mozilla Web site
Bug 154240 No warning when redirecting https-http-https at http protocol level

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2003:568
mozilla -- several vulnerabilities

Source: CCN
Type: BID-5757
Mozilla Browser HTTP/HTTPS Redirection Weakness

Source: XF
Type: UNKNOWN
mozilla-httpredirect-no-warning(10546)

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*
  • AND
  • cpe:/o:conectiva:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    mozilla mozilla 0.9.6
    mozilla mozilla 0.8
    mozilla mozilla 0.9.9
    mozilla mozilla 1.0 rc1
    mozilla mozilla 1.0
    mozilla mozilla 0.9.2
    mozilla mozilla 0.9.2.1
    mozilla mozilla 0.9.3
    mozilla mozilla 0.9.4
    mozilla mozilla 0.9.4.1
    mozilla mozilla 0.9.5
    mozilla mozilla 0.9.7
    mozilla mozilla 0.9.8
    conectiva linux 6.0
    conectiva linux 7.0
    redhat linux 7.2
    mandrakesoft mandrake linux 8.2
    conectiva linux 8.0
    redhat linux 7.3
    redhat linux 8.0