Vulnerability Name: CVE-2004-0765 (CCN-16868) Assigned: 2004-02-12 Published: 2004-02-12 Updated: 2017-10-11 Summary: The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates. CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-Other Vulnerability Consequences: Bypass Security References: Source: CCN Type: Mozilla Bugzilla Bug 234058Certificate name matching for non-FQDNs is insecure Source: CONFIRM Type: Patch, Vendor Advisoryhttp://bugzilla.mozilla.org/show_bug.cgi?id=234058 Source: MITRE Type: CNACVE-2004-0765 Source: CCN Type: Conectiva Linux Security Announcement CLSA-2004:877New upstream for mozilla Source: FEDORA Type: UNKNOWNFLSA:2089 Source: CCN Type: RHSA-2004-421mozilla security update Source: CCN Type: Slackware Security Advisories Tue, 10 Aug 2004 14:17:12 -0700 (PDT)[slackware-security] Mozilla (SSA:2004-223-01) Source: CCN Type: Sun Alert ID: 57701Multiple Security Vulnerabilities in Mozilla Source: CCN Type: CIAC Information Bulletin O-195Mozilla Updated Security Packages Source: CCN Type: CIAC Information Bulletin P-069Sun - Multiple Mozilla Vulnerabilities Source: CCN Type: Mozilla Web siteFixed in Mozilla 1.7/Firefox 0.9/Thunderbird 0.7 Source: CONFIRM Type: UNKNOWNhttp://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7 Source: SUSE Type: Vendor AdvisorySUSE-SA:2004:036 Source: REDHAT Type: Patch, Vendor AdvisoryRHSA-2004:421 Source: CCN Type: BID-10876Mozilla Browser Non-FQDN SSL Certificate Spoofing Vulnerability Source: XF Type: UNKNOWNmozilla-certtesthostname-certificate-spoof(16868) Source: XF Type: UNKNOWNmozilla-certtesthostname-certificate-spoof(16868) Source: OVAL Type: UNKNOWNoval:org.mitre.oval:def:11162 Source: SUSE Type: SUSE-SA:2004:030apache2: remote DoS condition Source: SUSE Type: SUSE-SA:2004:031cups: remote code execution Source: SUSE Type: SUSE-SA:2004:032apache2: remote denial-of-service Source: SUSE Type: SUSE-SA:2004:033gtk2 gdk-pixbuf: remote code execution Source: SUSE Type: SUSE-SA:2004:034XFree86-libs xshared: remote command execution Source: SUSE Type: SUSE-SA:2004:035samba: remote file disclosure Source: SUSE Type: SUSE-SA:2004:036mozilla: various vulnerabilities Vulnerable Configuration: Configuration 1 :cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version <= 0.9)OR cpe:/a:mozilla:mozilla:*:*:*:*:*:*:*:* (Version <= 1.7) OR cpe:/a:mozilla:thunderbird:*:*:*:*:*:*:*:* (Version <= 0.7) Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.8:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.1:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.2:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.6:beta:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:0.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.7:*:*:*:*:*:*:* AND cpe:/o:sun:solaris:8:*:sparc:*:*:*:*:* OR cpe:/o:sun:solaris:9:*:sparc:*:*:*:*:* OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:* OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:* OR cpe:/o:slackware:slackware_linux:current:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:* OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:* OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:* OR cpe:/o:slackware:slackware_linux:9.1:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:* OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:* OR cpe:/o:slackware:slackware_linux:10.0:*:*:*:*:*:*:* OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:* OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:* Denotes that component is vulnerable Oval Definitions Definition ID Class Title Last Modified oval:org.opensuse.security:def:20040765 V CVE-2004-0765 2015-11-16 oval:org.mitre.oval:def:11162 V The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates. 2013-04-29 oval:com.redhat.rhsa:def:20040421 P RHSA-2004:421: mozilla security update (Critical) 2004-08-04
BACK
mozilla firefox *
mozilla mozilla *
mozilla thunderbird *
mozilla mozilla 1.0 rc1
mozilla mozilla 1.0
mozilla mozilla 1.0.1
mozilla mozilla 1.1
mozilla mozilla 1.2.1
mozilla mozilla 1.3
mozilla mozilla 1.4
mozilla mozilla 1.3.1
mozilla mozilla 1.6
mozilla firefox 0.8
mozilla mozilla 1.0.2
mozilla mozilla 1.1 alpha
mozilla mozilla 1.1 beta
mozilla mozilla 1.2
mozilla mozilla 1.2 alpha
mozilla mozilla 1.2 beta
mozilla mozilla 1.4.1
mozilla mozilla 1.4.2
mozilla mozilla 1.4.4
mozilla mozilla 1.4 alpha
mozilla mozilla 1.4 beta
mozilla mozilla 1.5
mozilla mozilla 1.5.1
mozilla mozilla 1.5 alpha
mozilla mozilla 1.5 rc1
mozilla mozilla 1.5 rc2
mozilla mozilla 1.6 alpha
mozilla mozilla 1.6 beta
mozilla thunderbird 0.1
mozilla thunderbird 0.2
mozilla thunderbird 0.3
mozilla thunderbird 0.4
mozilla thunderbird 0.5
mozilla thunderbird 0.6
mozilla firefox 0.7
sun solaris 8
sun solaris 9
suse suse linux 8.1
suse linux enterprise server 8
slackware slackware linux current
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
suse suse linux 8.2
redhat enterprise linux 2.1
conectiva linux 9.0
slackware slackware linux 9.1
suse suse linux 9.0
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
suse suse linux 9.1
redhat enterprise linux 3
conectiva linux 10
slackware slackware linux 10.0
redhat linux advanced workstation 2.1
suse linux enterprise server 9