CVE-2004-0763
Published 2004-08-18
CVE-2004-0763: Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method.
Priority: P4 · 19 · medium · CVSS 2.0: 5
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 5.74% (92.1th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:P/A:N
vendor_redhat · 5.0 · MEDIUM
Red Hat
security flaw
vendor_redhat·2004-07-26·CVSS 5.0
CVE-2004-0763 [MEDIUM] security flaw
Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method.
GHSA
GHSA-8rh9-c9p7-ppjc: Mozilla Firefox 0
ghsa_unreviewed·2022-05-03
CVE-2004-0763 [MEDIUM] GHSA-8rh9-c9p7-ppjc: Mozilla Firefox 0
Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method.
No detection rules found.
Exploit-DB
Mozilla Browser 0.8/0.9/1.x - Refresh Security Property Spoofing
exploitdb·2004-07-26
CVE-2004-0763 Mozilla Browser 0.8/0.9/1.x - Refresh Security Property Spoofing
---
source: https://www.securityfocus.com/bid/10796/info
Mozilla and Firefox may permit malicious Web pages to spoof security properties of a trusted site.
An attacker can exploit this issue to spoof the URI and SSL certificate of a site trusted by an unsuspecting user. The attacker can then use this spoofing to steal sensitive or private information, facilitating phishing attacks.
Spoofer
It is Great to Use example's Cert!');
document.close();
window.location.reload();
">
Exploit-DB
Microsoft Internet Explorer 6 - Meta Data Foreign Domain Spoofing
exploitdb·2004-04-30
CVE-2004-0763 Microsoft Internet Explorer 6 - Meta Data Foreign Domain Spoofing
---
source: https://www.securityfocus.com/bid/10248/info
A vulnerability has been reported in Microsoft Internet Explorer that may facilitate certificate spoofing. This issue could aid in attacks which falsify web content to victim users.
The cause of the vulnerability is that it is possible to embed a certificate and content from a foreign domain (via SSL) into a web page. When the web page is visited by the client user, the user will be prompted to authorize the certificate from the foreign domain. This will make it appear as though the web page they are visiting is in the foreign domain.
It should be noted that while the connection will appear to be secure, as denoted by the closed lock icon in the right bottom corne
Bugzilla
CVE-2004-0763 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2004-0763 [MEDIUM] CVE-2004-0763 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method.
Bugzilla
CAN-2004-1009 Multiple mc issues (CAN-2004-1090 CAN-2004-1091 CAN-2004-1093 CAN-2004-1174 CAN-2004-1175 CAN-2005-0763)
bugzilla·2005-05-24
[MEDIUM] CAN-2004-1009 Multiple mc issues (CAN-2004-1090 CAN-2004-1091 CAN-2004-1093 CAN-2004-1174 CAN-2004-1175 CAN-2005-0763)
During the FC4 security audit, we came across a number of mc issues that have
not been fixed. The CVE IDs in the Summary are all we know at the moment.
Jindrich, what do you think will be the easiest way to fix all these?
Discussion:
Hello Josh,
There's Fedora Legacy bug 152889, where some things related to these issues are
discussed and some of the patches might be ported to our RHEL-2.1 mc. I'm not
sure at the moment whether all the fixes are incorporated there. I'll have a
closer look into this.
---
*** Bug 153985 has been marked as a duplicate of this bug. ***
---
Josh,
I backported fixes for CAN-2004-1009, CAN-2004-1090, CAN-2004-1091,
CAN-2004-1093, CAN-200
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://bugzilla.mozilla.org/show_bug.cgi?id=253121
http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/024372.html
http://marc.info/?l=bugtraq&m=109087067730938&w=2
http://marc.info/?l=bugtraq&m=109900315219363&w=2
http://secunia.com/advisories/12160/
http://www.cipher.org.uk/index.php?p=advisories/Certificate_Spoofing_Mozilla_FireFox_25-07-2004.advisory
http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml
http://www.mozilla.org/projects/security/known-vulnerabilities.html
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
http://www.redhat.com/support/errata/RHSA-2004-421.html
http://www.securityfocus.com/bid/15495
https://exchange.xforce.ibmcloud.com/vulnerabilities/16796
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3989
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9436