Mozilla.Firefox.onunload.SSL.Certificate.Spoofing

Description

A certificate spoofing vulnerability has been identified in products based on the Mozilla Gecko web browser engine that display the security settings of a web page. Using the unload event, an attacker can cause the browser to load a valid certificate from a trusted web site and show the "secure padlock" icon, while the displayed content actually comes from a malicious web site.

Affected Products

Mozilla Thunderbird 0.7.2
Mozilla Thunderbird 0.7.1
Mozilla Thunderbird 0.7
Mozilla Firefox 0.9.2
Mozilla Firefox 0.9.1
Mozilla Firefox 0.9 rc
Mozilla Firefox 0.9
Mozilla Firefox 0.8
Mozilla Browser 1.7.1
Mozilla Browser 1.7 rc3
Mozilla Browser 1.7
Mozilla Browser 1.6
Mozilla Browser 1.5
Mozilla Browser 1.4.2
Mozilla Browser 1.4.1
Mozilla Browser 1.4 b
Mozilla Browser 1.4 a
Mozilla Browser 1.4
Mozilla Browser 1.3.1
Mozilla Browser 1.3
Mozilla Browser 1.2.1
Mozilla Browser 1.2 Beta
Mozilla Browser 1.2 Alpha
Mozilla Browser 1.2
Mozilla Browser 1.1 Beta
Mozilla Browser 1.1 Alpha
Mozilla Browser 1.1
Mozilla Browser 1.0.2
Mozilla Browser 1.0.1
Mozilla Browser 1.0 RC2
Mozilla Browser 1.0 RC1
Mozilla Browser 1.0
Mozilla Browser 0.9.48
Mozilla Browser 0.9.35
Mozilla Browser 0.9.9
Mozilla Browser 0.9.8
Mozilla Browser 0.9.7
Mozilla Browser 0.9.6
Mozilla Browser 0.9.5
Mozilla Browser 0.9.4.1
Mozilla Browser 0.9.4
Mozilla Browser 0.9.3
Mozilla Browser 0.9.2.1
Mozilla Browser 0.9.2
Mozilla Browser 0.8

Impact

Certificate spoofing.

Recommended Actions

Please see the following references for further information.
http://www.mozilla.org/products/thunderbird/
http://www.mozilla.org/products/firefox/

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date        Version  Detail
2020-10-12  16.941   Name:Mozilla.onunload.SSL.Certificate.Spoofing:Mozilla.Firefox.onunload.SSL.Certificate.Spoofing