Vulnerability Description
The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Firebirdsql | Firebird | 0.7 |
| Mozilla | Firefox | 0.8 |
| Mozilla | Mozilla | 1.6 |
References
- http://bugzilla.mozilla.org/show_bug.cgi?id=226278
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:082
- http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17018
- http://bugzilla.mozilla.org/show_bug.cgi?id=226278
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:082
- http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17018
FAQ
What is CVE-2004-0779?
CVE-2004-0779 is a vulnerability with a CVSS score of 7.5 (HIGH). The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which ...
How severe is CVE-2004-0779?
CVE-2004-0779 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0779?
Check the references section above for vendor advisories and patch information. Affected products include: Firebirdsql Firebird, Mozilla Firefox, Mozilla Mozilla.