OSVDB ID: 8238

Title: Mozilla Browsers onunload SSL Certificate Spoofing

Info

Dates

Disclosure: Jul 26, 2004
Discovery: Unknown
Exploit: Jul 26, 2004
Solution: Unknown

Description

Mozilla and Mozilla Firefox contain a flaw that may allow a malicious user to spoof SSL certificates. The issue is triggered when using "onunload" inside a <body> tag and redirection using an http-equiv refresh meta tag, document.write() and document.close(), which will spoof a trusted website. By sending a specially crafted web page, a remote attacker can present the malicious website as that of a trusted site, resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Mozilla Organization

Firefox

0.9.1
0.9.2

Mozilla

1.7.1

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/36218