Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0516.html | Broken Link |
http://kaneda.bohater.net/security/20070111-firefox_2.0.0.1_bypass_phishing_protection.php | Broken Link Exploit Vendor Advisory |
http://osvdb.org/33705 | Broken Link |
http://www.securityfocus.com/archive/1/459265/100/0/threaded | Broken Link Third Party Advisory VDB Entry |
https://bugzilla.mozilla.org/show_bug.cgi?id=367538 | Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2007-02-07T11:00:00
Updated: 2018-10-16T14:57:01
Reserved: 2007-02-07T00:00:00
Link: CVE-2007-0802
JSON object: View
NVD Information
Status : Analyzed
Published: 2007-02-07T11:28:00.000
Modified: 2022-02-26T04:06:41.483
Link: CVE-2007-0802
JSON object: View
Redhat Information
No data.
CWE