PT-2004-1843 · Mozilla · Thunderbird+2

Tim Dierks

Publicado

2004-08-03

Atualizado

2017-10-11

CVE-2004-0765

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Mozilla versions prior to 1.7 Firefox versions prior to 0.9 Thunderbird versions prior to 0.7

Description The issue arises from the cert TestHostName function, which only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN). This allows remote attackers to spoof trusted certificates.

Recommendations For Mozilla versions prior to 1.7, update to version 1.7 or later. For Firefox versions prior to 0.9, update to version 0.9 or later. For Thunderbird versions prior to 0.7, update to version 0.7 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2004-0765

Produtos afetados

Firefox

Mozilla Firefox

Thunderbird

PT-2004-1843 · Mozilla · Thunderbird+2

CVE-2004-0765

Identificadores relacionados

Produtos afetados

Referências · 8