CVE-2005-0591 - Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog

CVE-2005-0591

Summary

Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing."

References

Vulnerable Configurations

cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*

CVSS

Base:	2.6 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:H/Au:N/C:N/I:P/A:N

oval via4

accepted

2007-05-09T16:10:43.836-04:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Matthew Wojcik
organization The MITRE Corporation
name Matthew Wojcik
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation

description

family

windows

oval:org.mitre.oval:def:100042

status

accepted

submitted

2005-08-16T12:00:00.000-04:00

title

Mozilla Download/Security Dialogs Spoofing Vulnerability

version

accepted

2013-04-29T04:00:46.728-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

family

unix

oval:org.mitre.oval:def:10039

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

rhsa
id RHSA-2005:176
rhsa
id RHSA-2005:384

rpms

firefox-0:1.0.1-1.4.3

refmap via4

bid	12234
bugtraq	20050111 Firespoofing [Firefox 1.0]
confirm	http://www.mozilla.org/security/announce/mfsa2005-16.html https://bugzilla.mozilla.org/show_bug.cgi?id=260560
gentoo	GLSA-200503-10 GLSA-200503-30
misc	http://www.mikx.de/firespoofing/ http://www.mikx.de/index.php?p=7
secunia	13786
xf	web-browser-modal-spoofing(18864)

Last major update

11-10-2017 - 01:29

Published

02-05-2005 - 04:00

Last modified

11-10-2017 - 01:29