Vulnerability Name:

CVE-2005-4809 (CCN-32600)

Assigned:2005-03-15
Published:2005-03-15
Updated:2017-07-20
Summary:Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
4.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
4.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Other
References:Source: CCN
Type: Full-Disclosure Mailing List, Sun Mar 13 2005 - 09:56:35 CST
Firefox 1.01 : spoofing status bar without using JavaScript

Source: MITRE
Type: CNA
CVE-2005-4809

Source: FULLDISC
Type: UNKNOWN
20050313 Firefox 1.01 : spoofing status bar without using JavaScript

Source: CCN
Type: SA14568
Mozilla "Save Link Target As..." Status Bar Spoofing Weakness

Source: SECUNIA
Type: Vendor Advisory
14568

Source: CCN
Type: SECTRACK ID: 1013423
Firefox Link in Embedded Table Lets Remote Users Spoof the Status Bar Contents

Source: SECTRACK
Type: UNKNOWN
1013423

Source: CCN
Type: Mozilla Web site
Firefox web browser | Faster, more secure, & customizable

Source: OSVDB
Type: UNKNOWN
14885

Source: CCN
Type: OSVDB ID: 14885
Mozilla Firefox Embedded Table Link Status Bar Content Spoofing

Source: BID
Type: Exploit
12798

Source: CCN
Type: BID-12798
Mozilla Suite/Firefox/Thunderbird Nested Anchor Tag Status Bar Spoofing Weakness

Source: VUPEN
Type: UNKNOWN
ADV-2005-0260

Source: XF
Type: UNKNOWN
mozilla-save-link-as-dialog-spoofing(19540)

Source: XF
Type: UNKNOWN
mozilla-statusbar-spoofing(32600)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:firefox:0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.10:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:preview_release:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.7.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.7:-:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:mozilla:firefox:0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.10:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.7.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.7:-:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    mozilla firefox 0.8
    mozilla firefox 0.9
    mozilla firefox 0.9 rc
    mozilla firefox 0.9.1
    mozilla firefox 0.9.2
    mozilla firefox 0.9.3
    mozilla firefox 0.10
    mozilla firefox 0.10.1
    mozilla firefox 1.0
    mozilla firefox 1.0.1
    mozilla firefox preview_release
    mozilla mozilla 1.7.3
    mozilla mozilla 1.7.4
    mozilla mozilla 1.7.5
    mozilla mozilla 1.7.6
    mozilla thunderbird 0.6
    mozilla thunderbird 0.7
    mozilla thunderbird 0.7.1
    mozilla thunderbird 0.7.2
    mozilla thunderbird 0.7.3
    mozilla thunderbird 0.8
    mozilla thunderbird 0.9
    mozilla thunderbird 1.0
    mozilla thunderbird 1.0.1
    mozilla firefox 0.8
    mozilla firefox 0.9 rc
    mozilla firefox 0.9.2
    mozilla firefox 0.9.1
    mozilla firefox 0.9.3
    mozilla mozilla 1.7.3
    mozilla firefox 0.10.1
    mozilla thunderbird 0.8
    mozilla firefox 1.0
    mozilla mozilla 1.7.5
    mozilla thunderbird 1.0.1
    mozilla firefox 1.0.1
    mozilla mozilla 1.7.6
    mozilla firefox 0.10
    mozilla firefox 0.9
    mozilla mozilla 1.7.4
    mozilla thunderbird 0.6
    mozilla thunderbird 0.7
    mozilla thunderbird 0.7.1
    mozilla thunderbird 0.7.2
    mozilla thunderbird 0.7.3
    mozilla thunderbird 0.9
    mozilla thunderbird 1.0