Description
The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.
Product(s):
- FirebirdSQL Firebird 0.7
- Mozilla Firefox 0.8
- Mozilla Mozilla 1.6
- Mozilla Mozilla 1.6 alpha
- Mozilla Mozilla 1.6 beta
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-0779, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-0779 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.