The installation confirmation dialog in Firefox prior to 1.0.1, Thunderbird prior to 1.0.1, and Mozilla prior to 1.7.6 allows remote malicious users to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 0.8 |
||
mozilla firefox 0.9 |
||
mozilla mozilla 1.4.1 |
||
mozilla mozilla 1.4 |
||
mozilla mozilla 1.6 |
||
mozilla mozilla 1.7 |
||
mozilla thunderbird 0.6 |
||
mozilla thunderbird 0.7 |
||
mozilla firefox 0.9.3 |
||
mozilla firefox 1.0 |
||
mozilla mozilla 1.5 |
||
mozilla firefox 0.10 |
||
mozilla firefox 0.10.1 |
||
mozilla mozilla 1.3 |
||
mozilla mozilla 1.7.5 |
||
mozilla thunderbird 0.4 |
||
mozilla thunderbird 0.5 |
||
mozilla thunderbird 0.9 |
||
mozilla thunderbird 1.0 |
||
mozilla mozilla 1.7.2 |
||
mozilla mozilla 1.7.3 |
||
mozilla thunderbird 0.2 |
||
mozilla thunderbird 0.3 |
||
mozilla thunderbird 0.7.3 |
||
mozilla thunderbird 0.8 |
||
mozilla firefox 0.9.1 |
||
mozilla firefox 0.9.2 |
||
mozilla mozilla 1.5.1 |
||
mozilla mozilla 1.7.1 |
||
mozilla thunderbird 0.1 |
||
mozilla thunderbird 0.7.1 |
||
mozilla thunderbird 0.7.2 |