DescriptionThe installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SA:2006:022, published Tue, 25 Apr 2006 15:00:00 +0000
SUSE Timeline for this CVECVE page created: Fri Jun 28 01:04:20 2013
CVE page last modified: Fri Oct 7 12:45:30 2022