CVE-2004-0779

Name of the Vulnerable Software and Affected Versions Mozilla versions 1.6 Firebird versions 0.7 Firefox versions 0.8

Description The issue concerns the improper verification of cached passwords for SSL encrypted sites, allowing a remote attacker to cause a cached password to be sent in cleartext to a spoofed site. This occurs because the browsers do not properly ensure that cached passwords are only sent via SSL encrypted sessions to the site.

Recommendations For Mozilla version 1.6, update the browser to a version that properly verifies SSL encrypted sessions for cached passwords. For Firebird version 0.7, update the browser to a version that properly verifies SSL encrypted sessions for cached passwords. For Firefox version 0.8, update the browser to a version that properly verifies SSL encrypted sessions for cached passwords.