CVE-2005-0590

The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.

Published: May 2, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-0590
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mozilla / thunderbird	0.6	0.6.x
mozilla / firefox	0.8	0.8.x
mozilla / thunderbird	0.7.2	0.7.2.x
mozilla / thunderbird	0.3	0.3.x
mozilla / mozilla	1.7-alpha	1.7-alpha.x
mozilla / thunderbird	0.2	0.2.x
mozilla / mozilla	1.7-rc1	1.7-rc1.x
mozilla / mozilla	1.5-rc2	1.5-rc2.x
mozilla / mozilla	1.7	1.7.x
mozilla / firefox	0.9.1	0.9.1.x
mozilla / mozilla	1.7.5	1.7.5.x
mozilla / firefox	0.10.1	0.10.1.x
mozilla / thunderbird	1.0	1.0.x
mozilla / firefox	0.9	0.9.x
mozilla / mozilla	1.6-beta	1.6-beta.x
mozilla / mozilla	1.4.1	1.4.1.x
mozilla / mozilla	1.5-alpha	1.5-alpha.x
mozilla / mozilla	1.5-rc1	1.5-rc1.x
mozilla / mozilla	1.3	1.3.x
mozilla / firefox	1.0	1.0.x
mozilla / mozilla	1.7-beta	1.7-beta.x
mozilla / mozilla	1.4	1.4.x
mozilla / mozilla	1.5	1.5.x
mozilla / thunderbird	0.5	0.5.x
mozilla / thunderbird	0.9	0.9.x
mozilla / mozilla	1.7.1	1.7.1.x
mozilla / thunderbird	0.7.3	0.7.3.x
mozilla / firefox	0.9.3	0.9.3.x
mozilla / mozilla	1.4-alpha	1.4-alpha.x
mozilla / thunderbird	0.4	0.4.x
mozilla / thunderbird	0.7	0.7.x
mozilla / mozilla	1.5.1	1.5.1.x
mozilla / firefox	0.9.2	0.9.2.x
mozilla / mozilla	1.7.2	1.7.2.x
mozilla / thunderbird	0.1	0.1.x
mozilla / firefox	0.9-rc	0.9-rc.x
mozilla / mozilla	1.7-rc3	1.7-rc3.x
mozilla / thunderbird	0.7.1	0.7.1.x
mozilla / thunderbird	0.8	0.8.x
mozilla / mozilla	1.7-rc2	1.7-rc2.x
mozilla / firefox	0.10	0.10.x
mozilla / mozilla	1.7.3	1.7.3.x
mozilla / mozilla	1.6-alpha	1.6-alpha.x
mozilla / mozilla	1.6	1.6.x

Vulnerability Database

289,599

CVE-2005-0590