Test ID: | 1.3.6.1.4.1.25623.1.0.14181 |
Category: | Windows |
Title: | Mozilla/Firefox user interface spoofing |
Summary: | The remote host is using Mozilla and/or Firefox, an alternative web browser. This web browser supports XUL (XML User Interface Language), a language designed to manipulate the user interface of the browser itself. Since XUL gives full control of the browser GUI to the visited websites, an attacker may use it to spoof a third-party website and therefore pretend that the URL and certificates of the website are legitimate. In addition to this, the remote version of this browser is vulnerable to a flaw which may allow a malicious web site to spoof security properties such as SSL certificates and URIs. |
Solution: | None at this time |
CVSS Score: | 10.0 |
CVSS Vector: | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-0763
BugTraq ID: 15495
http://www.securityfocus.com/bid/15495
Bugtraq: 20040726 Mozilla Firefox Certificate Spoofing
http://marc.info/?l=bugtraq&m=109087067730938&w=2
http://marc.info/?l=bugtraq&m=109900315219363&w=2
http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/024372.html
http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml
http://www.cipher.org.uk/index.php?p=advisories/Certificate_Spoofing_Mozilla_FireFox_25-07-2004.advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3989
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9436
http://www.redhat.com/support/errata/RHSA-2004-421.html
SCO Security Bulletin: SCOSA-2005.49
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://secunia.com/advisories/12160/
SuSE Security Announcement: SUSE-SA:2004:036
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
XForce ISS Database: mozilla-ssl-certificate-spoofing(16796)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16796

Common Vulnerability Exposure (CVE) ID: CVE-2004-0764
BugTraq ID: 10832
http://www.securityfocus.com/bid/10832
CERT/CC vulnerability note: VU#262350
http://www.kb.cert.org/vuls/id/262350
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2418
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9419
http://secunia.com/advisories/12188
XForce ISS Database: mozilla-user-interface-spoofing(16837)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16837 |
Copyright | Copyright (C) 2004 David Maciejak |