CVE-2005-4874
Mozilla 1.7.8 - Information Disclosure via XMLHttpRequest HTTP TRACE Method
Title source: llmDescription
The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object.
References (3)
Core 3
Core References
Patch x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=297078
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41553
Exploit, Patch x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=302489
Scores
EPSS
0.0125
EPSS Percentile
65.7%
Details
CWE
CWE-94
Status
published
Products (1)
mozilla/mozilla
1.7.8
Published
Dec 31, 2005
Tracked Since
Feb 18, 2026