CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
91.1%
Juan Pablo Lopez Yacubian discovered that Firefox did not properly display
invalid URLs. If a user were tricked into accessing a malicious website, an
attacker could exploit this to spoof the location bar, such as in a
phishing attack. Furthermore, if the malicious website had a valid SSL
certificate, Firefox would display the spoofed page as trusted.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 9.04 | noarch | firefox-3.0 | < 3.0.13+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | abrowser | < 3.0-branding-3.0.13+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | firefox | < 3.0-3.0.13+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | firefox | < 3.0-branding-3.0.13+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | firefox | < 3.0-dev-3.0.13+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | firefox | < 3.0-gnome-support-3.0.13+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | abrowser | < 3.0.13+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | xulrunner-1.9 | < 1.9.0.13+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | xulrunner-1.9 | < dev-1.9.0.13+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | xulrunner-1.9 | < gnome-support-1.9.0.13+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |