Anfälligkeitssuche        Suche in 187964 CVE Beschreibungen
und 85075 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.14181
Kategorie:Windows
Titel:Mozilla/Firefox user interface spoofing
Zusammenfassung:The remote host is using Mozilla and/or Firefox, an alternative web browser.; This web browser supports the XUL (XML User Interface Language), a language; designed to manipulate the user interface of the browser itself.;; Since XUL gives the full control of the browser GUI to the visited websites,; an attacker may use it to spoof a third party website and therefore pretend; that the URL and Certificates of the website are legitimate.;; In addition to this, the remote version of this browser is vulnerable to a; flaw which may allow a malicious web site to spoof security properties; such as SSL certificates and URIs.
Beschreibung:Summary:
The remote host is using Mozilla and/or Firefox, an alternative web browser.
This web browser supports the XUL (XML User Interface Language), a language
designed to manipulate the user interface of the browser itself.

Since XUL gives the full control of the browser GUI to the visited websites,
an attacker may use it to spoof a third party website and therefore pretend
that the URL and Certificates of the website are legitimate.

In addition to this, the remote version of this browser is vulnerable to a
flaw which may allow a malicious web site to spoof security properties
such as SSL certificates and URIs.

Solution:
None at this time

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: BugTraq ID: 10796
BugTraq ID: 10832
Common Vulnerability Exposure (CVE) ID: CVE-2004-0763
BugTraq ID: 15495
http://www.securityfocus.com/bid/15495
Bugtraq: 20040726 Mozilla Firefox Certificate Spoofing (Google Search)
http://marc.info/?l=bugtraq&m=109087067730938&w=2
http://marc.info/?l=bugtraq&m=109900315219363&w=2
http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/024372.html
http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml
http://www.cipher.org.uk/index.php?p=advisories/Certificate_Spoofing_Mozilla_FireFox_25-07-2004.advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3989
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9436
http://www.redhat.com/support/errata/RHSA-2004-421.html
SCO Security Bulletin: SCOSA-2005.49
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://secunia.com/advisories/12160/
SuSE Security Announcement: SUSE-SA:2004:036 (Google Search)
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
XForce ISS Database: mozilla-ssl-certificate-spoofing(16796)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16796
Common Vulnerability Exposure (CVE) ID: CVE-2004-0764
http://www.securityfocus.com/bid/10832
CERT/CC vulnerability note: VU#262350
http://www.kb.cert.org/vuls/id/262350
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2418
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9419
http://secunia.com/advisories/12188
XForce ISS Database: mozilla-user-interface-spoofing(16837)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16837
CopyrightCopyright (C) 2004 David Maciejak

Dies ist nur einer von 85075 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.