The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.

When processing URIs that contain an unqualified host name-- specifically, a domain name of only one component-- Mozilla will perform matching against the first component of the domain name in SSL certificates. In other words, in some situations, a certificate issued to 'www.example.com' will be accepted as matching 'www'.

New Mozilla packages are available for Slackware 9.1, 10.0, and
-current to fix a number of security issues. Slackware 10.0 and
-current were upgraded to Mozilla 1.7.2, and Slackware 9.1 was upgraded to Mozilla 1.4.3. As usual, new versions of Mozilla require new versions of things that link with the Mozilla libraries, so for Slackware 10.0 and -current new versions of epiphany, galeon, gaim, and mozilla-plugins have also been provided. There don't appear to be epiphany and galeon versions that are compatible with Mozilla 1.4.3 and the GNOME in Slackware 9.1, so these are not provided and Epiphany and Galeon will be broken on Slackware 9.1 if the new Mozilla package is installed. Furthermore, earlier versions of Mozilla (such as the 1.3 series) were not fixed upstream, so versions of Slackware earlier than 9.1 will remain vulnerable to these browser issues. If you still use Slackware 9.0 or earlier, you may want to consider removing Mozilla or upgrading to a newer version.

A number of security vulnerabilities in mozilla are addressed by this update for Mandrakelinux 10.0 users, including a fix for frame spoofing, a fixed popup XPInstall/security dialog bug, a fix for untrusted chrome calls, a fix for SSL certificate spoofing, a fix for stealing secure HTTP Auth passwords via DNS spoofing, a fix for insecure matching of cert names for non-FQDNs, a fix for focus redefinition from another domain, a fix for a SOAP parameter overflow, a fix for text drag on file entry, a fix for certificate DoS, and a fix for lock icon and cert spoofing.

Additionally, mozilla for both Mandrakelinux 9.2 and 10.0 have been rebuilt to use the system libjpeg and libpng which addresses vulnerabilities discovered in libpng (ref: MDKSA-2004:079).

The remote host is using a version of Mozilla that is vulnerable to multiple user interface spoofing issues that may allow a rogue web server to mimic the interface of a trusted web site and prompt users to submit sensitive or private information.

The remote host is using a version of Mozilla or Mozilla Thunderbird that is vulnerable to a heap overflow vulnerability. A heap overflow has been reported for the Mozilla POP3 mail handler routines. An attacker controlled POP3 server may be able to execute arbitrary code on the client machine. 

The remote host is using a version of Mozilla that is vulnerable to cross-domain frame loading. It may allow an attacker to spoof the interface of a trusted web site. To exploit this vulnerability a victim will need to visit a web site operated by an attacker.

Versions of Mozilla Firefox prior to 1.7.2 are vulnerable to a SSL spoofing issue that may allow a rogue web server to spoof a trusted certificate from a third party web site using non-fully qualified domain name.

Versions of Mozilla Firefox prior to 1.7.1 are vulnerable to a SSL redirect spoofing issue which may allow a rogue web server to impersonate a legitimate SSL-enabled web site.

The remote host is using a vulnerable version of Mozilla, an open-source web browser. It is reported that Mozilla versions prior 1.7.1 present an issue in the INPUT tag. An attacker may craft a malicious web page that may secretly upload files readable by the victim on a remote computer. 

Updated mozilla packages based on version 1.4.3 that fix a number of security issues for Red Hat Enterprise Linux are now available.

Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

A number of flaws have been found in Mozilla 1.4 that have been fixed in the Mozilla 1.4.3 release :

Zen Parse reported improper input validation to the SOAPParameter object constructor leading to an integer overflow and controllable heap corruption. Malicious JavaScript could be written to utilize this flaw and could allow arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0722 to this issue.

During a source code audit, Chris Evans discovered a buffer overflow and integer overflows which affect the libpng code inside Mozilla. An attacker could create a carefully crafted PNG file in such a way that it would cause Mozilla to crash or execute arbitrary code when the image was viewed. (CVE-2004-0597, CVE-2004-0599)

Zen Parse reported a flaw in the POP3 capability. A malicious POP3 server could send a carefully crafted response that would cause a heap overflow and potentially allow execution of arbitrary code as the user running Mozilla. (CVE-2004-0757)

Marcel Boesch found a flaw that allows a CA certificate to be imported with a DN the same as that of the built-in CA root certificates, which can cause a denial of service to SSL pages, as the malicious certificate is treated as invalid. (CVE-2004-0758)

Met - Martin Hassman reported a flaw in Mozilla that could allow malicious JavaScript code to upload local files from a users machine without requiring confirmation. (CVE-2004-0759)

Mindlock Security reported a flaw in ftp URI handling. By using a NULL character (%00) in a ftp URI, Mozilla can be confused into opening a resource as a different MIME type. (CVE-2004-0760)

Mozilla does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates website spoofing and other attacks, also known as the frame injection vulnerability. (CVE-2004-0718)

Tolga Tarhan reported a flaw that can allow a malicious webpage to use a redirect sequence to spoof the security lock icon that makes a webpage appear to be encrypted. (CVE-2004-0761)

Jesse Ruderman reported a security issue that affects a number of browsers including Mozilla that could allow malicious websites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box. (CVE-2004-0762)

Emmanouel Kellinis discovered a caching flaw in Mozilla which allows malicious websites to spoof certificates of trusted websites via redirects and JavaScript that uses the 'onunload' method.
(CVE-2004-0763)

Mozilla allowed malicious websites to hijack the user interface via the 'chrome' flag and XML User Interface Language (XUL) files.
(CVE-2004-0764)

The cert_TestHostName function in Mozilla only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN). This flaw could be used for spoofing if an attacker had control of machines on a default DNS search path. (CVE-2004-0765)

All users are advised to update to these erratum packages which contain a snapshot of Mozilla 1.4.3 including backported fixes and are not vulnerable to these issues.

The remote host is using a version of Mozilla that is vulnerable to a SSL spoofing issue that may allow a rogue web server to spoof a trusted certificate from a third party web site using non-fully qualified domain name.

The remote host is using a version of Mozilla that is vulnerable to a SSL redirect spoofing issue which may allow a rogue web server to impersonate a legitimate SSL-enabled web site.

The remote host is using a vulnerable version of Mozilla, an open-source web browser. It is reported that Mozilla versions prior 1.7.1 present an issue in the INPUT tag. An attacker may craft a malicious web page that may secretly upload files readable by the victim on a remote computer.

The remote host is using a version of Mozilla or Mozilla Thunderbird that is vulnerable to a heap overflow vulnerability. A heap overflow has been reported for the Mozilla POP3 mail handler routines. An attacker controlled POP3 server may be able to execute arbitrary code on the client machine.

ID	Name	Product	Family	Severity
18934	FreeBSD : mozilla -- hostname spoofing bug (5360a659-131c-11d9-bc4a-000c41e2cdad)	Nessus	FreeBSD Local Security Checks	high
18794	Slackware 10.0 / 9.1 / current : Mozilla (SSA:2004-223-01)	Nessus	Slackware Local Security Checks	critical
14331	Mandrake Linux Security Advisory : mozilla (MDKSA-2004:082)	Nessus	Mandriva Local Security Checks	critical
1775	Mozilla Firefox XML User Interface Language Browser Interface Spoofing (deprecated)	Nessus Network Monitor	Web Clients	high
1773	Mozilla Firefox < 1.7.1 / Thunderbird < 0.7.1 POP3 Remote Heap Overflow (deprecated)	Nessus Network Monitor	Web Clients	high
1772	Mozilla Firefox < 1.7.1 Cross-Domain Frame Loading Vulnerability (deprecated)	Nessus Network Monitor	Web Clients	high
1771	Mozilla Firefox < 1.7.2 Non-FQDN SSL Certificate Spoofing	Nessus Network Monitor	Web Clients	high
1770	Mozilla Firefox < 1.7.1 SSL Redirect Spoofing	Nessus Network Monitor	Web Clients	high
2116	Mozilla Firefox Input Type HTML Tag Unauthorized Access (deprecated)	Nessus Network Monitor	Web Clients	high
14214	RHEL 2.1 / 3 : mozilla (RHSA-2004:421)	Nessus	Red Hat Local Security Checks	critical
801373	Mozilla XML User Interface Language Browser Interface Spoofing	Log Correlation Engine	Web Clients	medium
801292	Mozilla Browser < 1.7.2 Non-FQDN SSL Certificate Spoofing	Log Correlation Engine	Web Clients	medium
801263	Mozilla < 1.7.1 SSL Redirect Spoofing	Log Correlation Engine	Web Clients	medium
801229	Mozilla Browser Input Type HTML Tag Unauthorized Access	Log Correlation Engine	Web Clients	medium
801228	Mozilla < 1.7.1 Cross-Domain Frame Loading Vulnerability	Log Correlation Engine	Web Clients	medium
801211	Mozilla Browser <1.7.1 / Thunderbird < 0.7.1 SendUIDL POP3 Message Handling Remote Heap Overflow	Log Correlation Engine	Web Clients	medium

Detections

Analytics

CVE-2004-0765

high

Tenable Plugins

high

critical

critical

high

high

high

high

high

high

critical

medium

medium

medium

medium

medium

medium