PT-2004-1843 · Mozilla · Thunderbird+2

Tim Dierks

Published

2004-08-03

Updated

2017-10-11

CVE-2004-0765

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Mozilla versions prior to 1.7 Firefox versions prior to 0.9 Thunderbird versions prior to 0.7

Description The issue arises from the cert TestHostName function, which only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN). This allows remote attackers to spoof trusted certificates.

Recommendations For Mozilla versions prior to 1.7, update to version 1.7 or later. For Firefox versions prior to 0.9, update to version 0.9 or later. For Thunderbird versions prior to 0.7, update to version 0.7 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-0765

Affected Products

Firefox

Mozilla Firefox

Thunderbird

PT-2004-1843 · Mozilla · Thunderbird+2

CVE-2004-0765

Related Identifiers

Affected Products

References · 8