Lucene search

[email protected]CVE-2004-0765

HistoryAug 18, 2004 - 4:00 a.m.

CVE-2004-0765

2004-08-1804:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-0765

mozilla

firefox

thunderbird

certificate spoofing

security vulnerability

6.2 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.0%

JSON

The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.

CPENameOperatorVersion
mozilla:thunderbirdmozilla thunderbirdle0.7
mozilla:firefoxmozilla firefoxle0.9
mozilla:mozillamozillale1.7

CPE	Name	Operator	Version
mozilla:thunderbird	mozilla thunderbird	le	0.7
mozilla:firefox	mozilla firefox	le	0.9
mozilla:mozilla	mozilla	le	1.7

References

bugzilla.mozilla.org/show_bug.cgi?id=234058

marc.info/?l=bugtraq&m=109900315219363&w=2

www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7

www.novell.com/linux/security/advisories/2004_36_mozilla.html

www.redhat.com/support/errata/RHSA-2004-421.html

exchange.xforce.ibmcloud.com/vulnerabilities/16868

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11162

6.2 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.0%

JSON

Related for CVE-2004-0765

openvas6 nessus4 freebsd1 cvelist1 redhat1 suse7 slackware1