Vulnerability CVE-2005-0584 - CERT Civis.Net

Vulnerability Name:

CVE-2005-0584 (CCN-19526)

Assigned:

2005-02-24

Published:

2005-02-24

Updated:

2017-10-11

Summary:

Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2005-0584

Source: CCN
Type: RHSA-2005-176
firefox security update

Source: CCN
Type: RHSA-2005-384
Mozilla security update

Source: CCN
Type: CIAC INFORMATION BULLETIN P-149
Firefox Security Update

Source: CCN
Type: GLSA-200503-10
Mozilla Firefox: Various vulnerabilities

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200503-10

Source: CCN
Type: GLSA-200503-30
Mozilla Suite: Multiple vulnerabilities

Source: GENTOO
Type: Vendor Advisory
GLSA-200503-30

Source: CCN
Type: Mozilla Firefox Download Web page
Download Firefox

Source: CCN
Type: Mozilla Suite Download Web page
Mozilla Suite

Source: CCN
Type: MFSA 2005-24
HTTP auth prompt tab spoofing

Source: CONFIRM
Type: UNKNOWN
http://www.mozilla.org/security/announce/mfsa2005-24.html

Source: REDHAT
Type: UNKNOWN
RHSA-2005:176

Source: REDHAT
Type: UNKNOWN
RHSA-2005:384

Source: CCN
Type: BID-12728
Mozilla Suite/Firefox HTTP Authentication Dialogs Tab Focus Vulnerability

Source: CCN
Type: USN-149-3
Ubuntu 4.10 update for Firefox vulnerabilities

Source: CONFIRM
Type: Patch, Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=277574

Source: XF
Type: UNKNOWN
mozilla-http-tab-spoofing(19526)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:100034

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11191

Vulnerable Configuration:

Configuration 1:

cpe:/a:mozilla:firefox:0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9:rc:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:mozilla:mozilla:1.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9:rc:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:11191	V	Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.	2013-04-29
oval:org.mitre.oval:def:100034	V	Mozilla HTTP auth Prompt Tab Spoofing	2007-05-09
oval:com.redhat.rhsa:def:20050384	P	RHSA-2005:384: Mozilla security update (Important)	2005-04-28
oval:com.redhat.rhsa:def:20050176	P	RHSA-2005:176: firefox security update (Critical)	2005-03-01