PT-2004-1853 · Mozilla · Firefox+2

Published

2004-08-14

Updated

2017-07-11

CVE-2004-0779

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Mozilla versions 1.6 Firebird versions 0.7 Firefox versions 0.8

Description The issue concerns the improper verification of cached passwords for SSL encrypted sites, allowing a remote attacker to cause a cached password to be sent in cleartext to a spoofed site. This occurs because the browsers do not properly ensure that cached passwords are only sent via SSL encrypted sessions to the site.

Recommendations For Mozilla version 1.6, update the browser to a version that properly verifies SSL encrypted sessions for cached passwords. For Firebird version 0.7, update the browser to a version that properly verifies SSL encrypted sessions for cached passwords. For Firefox version 0.8, update the browser to a version that properly verifies SSL encrypted sessions for cached passwords.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-0779

Affected Products

Firebird

Firefox

Mozilla Firefox

PT-2004-1853 · Mozilla · Firefox+2

CVE-2004-0779

Related Identifiers

Affected Products

References · 5