CVE-2004-0779

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Firebird; Mozilla
Vendor: CVE Published:; 18 August 2004

Summary

The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.

References

http://www.mandriva.com/security/advisories?name=MDKSA-20...

vendor-advisoryx_refsource_MANDRAKE

http://www.mozilla.org/projects/security/known-vulnerabil...

x_refsource_CONFIRM

http://bugzilla.mozilla.org/show_bug.cgi?id=226278

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 18, 2004
Vulnerability Reserved
Aug 13, 2004