CVE-2005-2602 - Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI,

CVE-2005-2602

Summary

Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks.

References

http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1682
http://www.securityfocus.com/archive/1/407704
http://www.securityfocus.com/bid/14526

Vulnerable Configurations

cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*

CVSS

Base:	2.6 (as of 05-09-2008 - 20:52)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:H/Au:N/C:N/I:P/A:N

refmap via4

bid	14526
bugtraq	20050809 Mozilla Firefox up to 1.0.6 and Mozilla Thunderbird up to 1.0 url string obfuscation
misc	http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1682

Last major update

05-09-2008 - 20:52

Published

17-08-2005 - 04:00

Last modified

05-09-2008 - 20:52