CVE-2004-0779

The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.

Published: Aug 18, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-0779
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mozilla / firefox	0.8	0.8.x
firebirdsql / firebird	0.7	0.7.x
mozilla / mozilla	1.6	1.6.x

http://bugzilla.mozilla.org/show_bug.cgi?id=226278
http://www.mandriva.com/security/advisories?name=MDKSA-2004:082
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7
https://exchange.xforce.ibmcloud.com/vulnerabilities/17018

Vulnerability Database

289,599

CVE-2004-0779