CVE-2005-4809 : Detail

CVE-2005-4809

7.82%V3
Network
2006-08-29
23h00 +00:00
2017-07-19
13h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.

CVE Informations

Metrics

Metrics Score Severity CVSS Vector Source
V2 5 AV:N/AC:L/Au:N/C:N/I:P/A:N [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 25221

Publication date : 2005-03-13 23h00 +00:00
Author : bitlance winter
EDB Verified : Yes

source: https://www.securityfocus.com/bid/12798/info Mozilla Suite/Firefox and Thunderbird are reported prone to a URI obfuscation weakness. The issue is reported to manifest when 'Save Link As...' functionality is invoked on an malicious anchor tag. This issue may be leveraged by an attacker to display false information in the status bar of an unsuspecting user, allowing an attacker to present downloads to users that seem to originate from a trusted location. This may facilitate attacks based on this false sense of trust. <h1>Firefox 1.01 : spoofing status bar without using JavaScript</h1> <p>Save the New Features about Firefox 1.02 ( PDF 20K )</p> <p>Right Click and Save Link as ...<p> <div> <a href="http://www.mozilla.org/features_ff102.pdf"> <table><tr><td> <a href="http://www.tpc.org/tpch/spec/tpch2.1.0.pdf">download : http://www.mozilla.org/features_ff102.pdf </a><!-- first --> </td></tr></table> </a><!-- second --> </div>

Products Mentioned

Configuraton 0

Mozilla>>Firefox >> Version 0.8

Mozilla>>Firefox >> Version 0.9

Mozilla>>Firefox >> Version 0.9

Mozilla>>Firefox >> Version 0.9.1

Mozilla>>Firefox >> Version 0.9.2

Mozilla>>Firefox >> Version 0.9.3

Mozilla>>Firefox >> Version 0.10

Mozilla>>Firefox >> Version 0.10.1

Mozilla>>Firefox >> Version 1.0

Mozilla>>Firefox >> Version 1.0.1

Mozilla>>Firefox >> Version preview_release

    Mozilla>>Mozilla >> Version 1.7.3

    Mozilla>>Mozilla >> Version 1.7.4

    Mozilla>>Mozilla >> Version 1.7.5

    Mozilla>>Mozilla >> Version 1.7.6

    Mozilla>>Thunderbird >> Version 0.6

    Mozilla>>Thunderbird >> Version 0.7

    Mozilla>>Thunderbird >> Version 0.7.1

    Mozilla>>Thunderbird >> Version 0.7.2

    Mozilla>>Thunderbird >> Version 0.7.3

    Mozilla>>Thunderbird >> Version 0.8

    Mozilla>>Thunderbird >> Version 0.9

    Mozilla>>Thunderbird >> Version 1.0

    Mozilla>>Thunderbird >> Version 1.0.1

      References

      http://secunia.com/advisories/14568
      Tags : third-party-advisory, x_refsource_SECUNIA
      http://www.securityfocus.com/bid/12798
      Tags : vdb-entry, x_refsource_BID
      http://securitytracker.com/id?1013423
      Tags : vdb-entry, x_refsource_SECTRACK
      http://www.osvdb.org/14885
      Tags : vdb-entry, x_refsource_OSVDB
      http://marc.info/?l=full-disclosure&m=111073068631287&w=2
      Tags : mailing-list, x_refsource_FULLDISC
      http://www.vupen.com/english/advisories/2005/0260
      Tags : vdb-entry, x_refsource_VUPEN