Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-4809 — Mozilla Firefox vulnerability

5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

10.4%

top 6.77%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mozilla Firefox Mozilla Mozilla Thunderbird

Timeline

PublishedDec 31

Latest updateMay 1

Description

Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDmozilla/firefox10 versions+9

▶NVDmozilla/thunderbird9 versions+8

▶NVDmozilla/mozilla4 versions+3

🔴Vulnerability Details

GHSA

GHSA-96x7-cmg8-h727: Mozilla Firefox 1↗2022-05-01

▶

CVEList

CVE-2005-4809: Mozilla Firefox 1↗2006-08-30

▶

💥Exploits & PoCs

Exploit-DB

Mozilla Suite/Firefox/Thunderbird - Nested Anchor Tag Status Bar Spoofing↗2005-03-14

▶

📋Vendor Advisories

Debian

CVE-2005-4809: firefox - Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunder...↗2005

▶