CVE-2004-0763

Mozilla Firefox <0.9.3 - XSS

Title source: llm

Description

Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method.

Exploits (2)

exploitdb WORKING POC VERIFIED

by E.Kellinis · htmlremotelinux

https://www.exploit-db.com/exploits/24312

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by E.Kellinis · htmlremotewindows

https://www.exploit-db.com/exploits/24069

View Code ZIP pw:eip

References (15)

[Various Sources] http://www.mozilla.org/projects/security/known-vulnerabilities.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2004-421.html

[Third Party Advisory] http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml

[Patch, Vendor Advisory] http://bugzilla.mozilla.org/show_bug.cgi?id=253121

[Various Sources] ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt

[Vendor Advisory] http://www.novell.com/linux/security/advisories/2004_36_mozilla.html

[Mailing List] http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/024372.html

[Vendor Advisory] http://secunia.com/advisories/12160/

[Mailing List] http://marc.info/?l=bugtraq&m=109900315219363&w=2

[Various Sources] http://www.cipher.org.uk/index.php?p=advisories/Certificate_Spoofing_Mozilla_FireFox_25-07-2004.advisory

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/16796

[Mailing List] http://marc.info/?l=bugtraq&m=109087067730938&w=2

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9436

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3989

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/15495

Scores

EPSS 0.1317

EPSS Percentile 94.2%

Details

Status published

Products (2)

mozilla/firefox 0.9.1

mozilla/firefox 0.9.2

Published Aug 18, 2004

Tracked Since Feb 18, 2026