PT-2013-2603 · Mozilla+3 · Firefox+7

Publicado

2013-02-19

·

Atualizado

2024-12-12

·

CVE-2013-0776

CVSS v2.0

4.0

Média

VetorAV:N/AC:H/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 19.0 Firefox ESR versions prior to 17.0.3 Thunderbird versions prior to 17.0.3 Thunderbird ESR versions prior to 17.0.3 SeaMonkey versions prior to 2.16
Description The issue allows man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script. This can be demonstrated by a phishing attack on an HTTPS site.
Recommendations For Mozilla Firefox versions prior to 19.0, update to version 19.0 or later. For Firefox ESR versions prior to 17.0.3, update to version 17.0.3 or later. For Thunderbird versions prior to 17.0.3, update to version 17.0.3 or later. For Thunderbird ESR versions prior to 17.0.3, update to version 17.0.3 or later. For SeaMonkey versions prior to 2.16, update to version 2.16 or later.

Exploit

Correção

Improper Certificate Validation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-295

Identificadores relacionados

CESA-2013_0271
CESA-2013_0272
CVE-2013-0776
DSA-2699-1
OPENSUSE-SU-2013_0323-1
OPENSUSE-SU-2014_1100-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10230-1
OPENSUSE-SU-2024:14572-1
RHSA-2013:0271
RHSA-2013:0272
RHSA-2013_0271
RHSA-2013_0272

Produtos afetados

Centos
Firefox Esr
Firefox
Red Hat
Seamonkey
Suse
Thunderbird
Thunderbird Esr