2 matches found
CVE-2015-1296
The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a...
CVE-2005-0593
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via 1 a web site that does not finish loading, which shows the lock of the previous site, 2 a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake ...