QwikSec

Security Database

CVE

CWE

Training

CVE-2004-0765

Published: Aug 3, 2004

Modified: Aug 8, 2024

PUBLISHED

Description

The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://bugzilla.mozilla.org/show_bug.cgi?id=234058

x_refsource_CONFIRM

oval:org.mitre.oval:def:11162

vdb-entry

signature

x_refsource_OVAL

SUSE-SA:2004:036

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

mozilla-certtesthostname-certificate-spoof(16868)

vdb-entry

x_refsource_XF

http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7

x_refsource_CONFIRM

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.