Mozilla.Firefox.onunload.SSL.Certificate.Spoofing
Description
A certificate spoofing vulnerability has been identified in the way products based on the Mozilla Gecko web browser engine display the security settings of a web page. Using the unload event, an attacker can cause the browser to load a valid certificate from a trusted web site and show the "secure padlock" icon, even though the displayed content comes from a malicious web site.
Affected Products
Mozilla Thunderbird 0.7.2
Mozilla Thunderbird 0.7.1
Mozilla Thunderbird 0.7
Mozilla Firefox 0.9.2
Mozilla Firefox 0.9.1
Mozilla Firefox 0.9 rc
Mozilla Firefox 0.9
Mozilla Firefox 0.8
Mozilla Browser 1.7.1
Mozilla Browser 1.7 rc3
Mozilla Browser 1.7
Mozilla Browser 1.6
Mozilla Browser 1.5
Mozilla Browser 1.4.2
Mozilla Browser 1.4.1
Mozilla Browser 1.4 b
Mozilla Browser 1.4 a
Mozilla Browser 1.4
Mozilla Browser 1.3.1
Mozilla Browser 1.3
Mozilla Browser 1.2.1
Mozilla Browser 1.2 Beta
Mozilla Browser 1.2 Alpha
Mozilla Browser 1.2
Mozilla Browser 1.1 Beta
Mozilla Browser 1.1 Alpha
Mozilla Browser 1.1
Mozilla Browser 1.0.2
Mozilla Browser 1.0.1
Mozilla Browser 1.0 RC2
Mozilla Browser 1.0 RC1
Mozilla Browser 1.0
Mozilla Browser 0.9.48
Mozilla Browser 0.9.35
Mozilla Browser 0.9.9
Mozilla Browser 0.9.8
Mozilla Browser 0.9.7
Mozilla Browser 0.9.6
Mozilla Browser 0.9.5
Mozilla Browser 0.9.4.1
Mozilla Browser 0.9.4
Mozilla Browser 0.9.3
Mozilla Browser 0.9.2.1
Mozilla Browser 0.9.2
Mozilla Browser 0.8
Impact
Certificate spoofing.
Recommended Actions
Please see the following references for further information.
http://www.mozilla.org/products/thunderbird/
http://www.mozilla.org/products/firefox/
Coverage
IPS (Regular DB)
IPS (Extended DB)
Version Updates
Date | Version | Detail |
---|---|---|
2020-10-12 | 16.941 | Name:Mozilla.onunload.SSL.Certificate.Spoofing:Mozilla.Firefox.onunload.SSL.Certificate.Spoofing |