Phishing Attacks

2020-04-1001:09:14

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

firefox is vulnerable to phishing attacks. The vulnerability exists as a flaw was found in the way Firefox handled RSS and Atom feeds. Invalid RSS or Atom content loaded over HTTPS caused Firefox to display the address of said content in the location bar, but not the content in the main window. The previous content continued to be displayed. An attacker could use this flaw to perform phishing attacks, or trick users into thinking they are visiting the site reported by the location bar, when the page is actually content controlled by an attacker.

CPENameOperatorVersion
xulrunnereq1.9.2.20__3.el5_7
xulrunnereq1.9.2.4__9.el5
xulrunnereq1.9.2.17__4.el6_0
xulrunnereq1.9.2.24__2.el5_7
xulrunnereq1.9.0.4__1.el5
xulrunnereq1.9.2.11__2.el5
xulrunnereq1.9.0.5__1.el5_2
xulrunnereq1.9.2.14__3.el6_0
xulrunnereq1.9.0.18__1.el5_4
xulrunnereq1.9.2.12__1.el6_0

Name	Operator	Version
xulrunner	eq	1.9.2.20__3.el5_7
xulrunner	eq	1.9.2.4__9.el5
xulrunner	eq	1.9.2.17__4.el6_0
xulrunner	eq	1.9.2.24__2.el5_7
xulrunner	eq	1.9.0.4__1.el5
xulrunner	eq	1.9.2.11__2.el5
xulrunner	eq	1.9.0.5__1.el5_2
xulrunner	eq	1.9.2.14__3.el6_0
xulrunner	eq	1.9.0.18__1.el5_4
xulrunner	eq	1.9.2.12__1.el6_0