mozilla -- hostname spoofing bug
Description:
When processing URIs that contain an unqualified host name--
specifically, a domain name of only one component--
Mozilla will perform matching against the first component
of the domain name in SSL certificates. In other words, in
some situations, a certificate issued to "www.example.com"
will be accepted as matching "www".
References:
Affects:
- thunderbird <0.7
- de-linux-mozillafirebird <0.9.2
- el-linux-mozillafirebird <0.9.2
- firefox <0.9.2
- ja-linux-mozillafirebird-gtk1 <0.9.2
- ja-mozillafirebird-gtk2 <0.9.2
- linux-mozillafirebird <0.9.2
- ru-linux-mozillafirebird <0.9.2
- zhCN-linux-mozillafirebird <0.9.2
- zhTW-linux-mozillafirebird <0.9.2
- de-netscape7 <=7.2
- fr-netscape7 <=7.2
- ja-netscape7 <=7.2
- netscape7 <=7.2
- pt_BR-netscape7 <=7.2
- mozilla-gtk1 <1.7
- linux-mozilla <1.7
- linux-mozilla-devel <1.7
- mozilla <1.7,2
- de-linux-netscape >=0
- fr-linux-netscape >=0
- ja-linux-netscape >=0
- linux-netscape >=0
- linux-phoenix >=0
- mozilla+ipv6 >=0
- mozilla-embedded >=0
- mozilla-firebird >=0
- mozilla-gtk2 >=0
- mozilla-gtk >=0
- mozilla-thunderbird >=0
- phoenix >=0
portaudit: mozilla -- hostname spoofing bug
Disclaimer: The data contained on this page is derived from the VuXML document,
please refer to the the original document for copyright information. The author of
portaudit makes no claim of authorship or ownership of any of the information contained herein.
If you have found a vulnerability in a FreeBSD port not listed in the
database, please contact the
FreeBSD Security Officer. Refer to
"FreeBSD Security
Information" for more information.
Oliver Eikemeier <eik@FreeBSD.org>