Weak SSL Password Protection in Mozilla Browsers
CVE-2004-0779

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Firebird; Mozilla
Vendor: CVE Published:; 18 August 2004

What is CVE-2004-0779?

Certain Mozilla browsers, including versions 1.6 of Mozilla, 0.7 of Firebird, and 0.8 of Firefox, exhibit a vulnerability where cached passwords for SSL-encrypted sites are not correctly verified for secure transmission. This allows an attacker to exploit this flaw, potentially redirecting users to spoofed sites and intercepting sensitive information, including passwords sent in cleartext. This vulnerability poses a risk to users who rely on secure communications for protecting their sensitive data.

References

http://www.mandriva.com/security/advisories?name=MDKSA-20...

vendor-advisoryx_refsource_MANDRAKE

http://www.mozilla.org/projects/security/known-vulnerabil...

x_refsource_CONFIRM

http://bugzilla.mozilla.org/show_bug.cgi?id=226278

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2004
Vulnerability Reserved
Aug 13, 2004