Firefox < 1.0 Multiple Spoofing Vulnerabilities

This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has a web browser installed that is affected
by multiple vulnerabilities.

Description :

The remote host is using Mozilla and/or Firefox, an alternative web
browser. This web browser supports the XUL (XML User Interface
Language), a language designed to manipulate the user interface of the
browser itself.

Since XUL gives the full control of the browser GUI to the visited
websites, an attacker may use it to spoof a third-party website and,
therefore, pretend that the URL and Certificates of the website are
legitimate.

In addition to this, the remote version of this browser is vulnerable
to a flaw which may allow a malicious website to spoof security
properties such as SSL certificates and URIs.

See also :

http://www.nd.edu/~jsmith30/xul/test/spoof.html

Solution :

There is no known solution at this time.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 14181 ()

Bugtraq ID: 10796
10832

CVE ID: CVE-2004-0763
CVE-2004-0764

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now