• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Mozilla Browser Non-FQDN SSL Certificate Spoofing Vulnerability

Solution:
Conectiva has released an advisory (CLA-2004:877) to address various issues including this issue in Mozilla. This advisory contains updated Mozilla packages (1.7.3) for Conectiva Linux 9 and 10. Please see the referenced advisory for more information.

SCO has released an advisory SCOSA-2005.25 including updated packages to address this issue. Please see the referenced advisory for more information.

Red Hat has released advisory RHSA-2004:421-17 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

The vendor has released an upgrade dealing with this issue.

Avaya has released an advisory that acknowledges this vulnerability for Avaya products. Fixes are not currently available; customers are advised to contact the vendor for further details regarding fix availability. Please see the referenced Avaya advisory at the following location for further details:
http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=198527&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()

Slackware has released an advisory (SSA:2004-223-01) to address this issue. Please see the referenced advisory for more information.

Mandrake Linux has released advisory MDKSA-2004:082 along with fixes addressing this issue. Please see the referenced advisory for further information.

SGI has made available Patch 10095, correcting this vulnerability for systems running SGI Advanced Linux Environment 3:

Patch 10095 is available from http://support.sgi.com/ and
ftp://patches.sgi.com/support/free/security/patches/ProPack/3/

The individual RPMs from Patch 10095 are available from:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

SuSE Linux has released advisory SUSE-SA:2004:036 along with fixes dealing with this issue. Please see the referenced advisory for more information.

The Fedora Legacy project has released advisory FLSA-2004:2089 along with fixes to address multiple issues in RedHat Fedora Core 1, and RedHat Linux 7.3 and 9.0. Please see the referenced advisory for further information.


Mozilla Thunderbird 0.6

• Mozilla Thunderbird 0.7.3
  http://www.mozilla.org/products/thunderbird/

Mozilla Thunderbird 0.7

• Mozilla Thunderbird 0.7.3
  http://www.mozilla.org/products/thunderbird/

Mozilla Thunderbird 0.7.1

• Mozilla Thunderbird 0.7.3
  http://www.mozilla.org/products/thunderbird/

Mozilla Thunderbird 0.7.2

• Mozilla Thunderbird 0.7.3
  http://www.mozilla.org/products/thunderbird/

Mozilla Firefox 0.8

• Mozilla Firefox 0.9.3
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.9

• Mozilla Firefox 0.9.3
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.9 rc

• Mozilla Firefox 0.9.3
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.9.1

• Mozilla Firefox 0.9.3
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.9.2

• Mozilla Firefox 0.9.3
  http://www.mozilla.org/products/firefox/

Mozilla Browser 1.0 RC1

• Mozilla Mozilla 1.7.2
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.0 RC2

• Mozilla Mozilla 1.7.2
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.0

• Mozilla Mozilla 1.7.2
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.0.1

• Mozilla Mozilla 1.7.2
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.0.2

• Mozilla Mozilla 1.7.2
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.1

• Mozilla Mozilla 1.7.2
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.1 Alpha

• Mozilla Mozilla 1.7.2
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.1 Beta

• Mozilla Mozilla 1.7.2
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.2 Alpha

• Mozilla Mozilla 1.7.2
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.2

• Mozilla Mozilla 1.7.2
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.2 Beta

• Mozilla Mozilla 1.7.2
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.2.1

• Mozilla Mozilla 1.7.2
  http://www.mozilla.org/products/mozilla1.x/


• RedHat galeon-1.2.13-0.9.2.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/galeon-1.2.13-0 .9.2.legacy.i386.rpm


• RedHat mozilla-1.4.3-0.9.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-1.4.3-0 .9.1.legacy.i386.rpm


• RedHat mozilla-chat-1.4.3-0.9.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-chat-1. 4.3-0.9.1.legacy.i386.rpm


• RedHat mozilla-devel-1.4.3-0.9.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-devel-1 .4.3-0.9.1.legacy.i386.rpm


• RedHat mozilla-dom-inspector-1.4.3-0.9.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-dom-ins pector-1.4.3-0.9.1.legacy.i386.rpm


• RedHat mozilla-js-debugger-1.4.3-0.9.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-js-debu gger-1.4.3-0.9.1.legacy.i386.rpm


• RedHat mozilla-mail-1.4.3-0.9.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-mail-1. 4.3-0.9.1.legacy.i386.rpm


• RedHat mozilla-nspr-1.4.3-0.9.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-1. 4.3-0.9.1.legacy.i386.rpm


• RedHat mozilla-nspr-devel-1.4.3-0.9.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-de vel-1.4.3-0.9.1.legacy.i386.rpm


• RedHat mozilla-nss-1.4.3-0.9.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-1.4 .3-0.9.1.legacy.i386.rpm


• RedHat mozilla-nss-devel-1.4.3-0.9.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-dev el-1.4.3-0.9.1.legacy.i386.rpm

Mozilla Browser 1.3

• Mozilla Mozilla 1.7.2
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.3.1

• Mozilla Mozilla 1.7.2
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.4 b

• Mozilla Mozilla 1.7.2
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.4

• Mandrake libnspr4-1.4-13.3.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnspr4-devel-1.4-13.3.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnss3-1.4-13.3.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnss3-devel-1.4-13.3.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-1.4-13.3.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-1.4-13.3.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-devel-1.4-13.3.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-devel-1.4-13.3.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-dom-inspector-1.4-13.3.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-dom-inspector-1.4-13.3.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-enigmail-1.4-13.3.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-enigmail-1.4-13.3.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-enigmime-1.4-13.3.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-enigmime-1.4-13.3.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-irc-1.4-13.3.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-irc-1.4-13.3.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-js-debugger-1.4-13.3.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-js-debugger-1.4-13.3.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-mail-1.4-13.3.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-mail-1.4-13.3.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-spellchecker-1.4-13.3.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-spellchecker-1.4-13.3.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mozilla Mozilla 1.7.2
  http://www.mozilla.org/products/mozilla1.x/


• Slackware mozilla-1.4.3-i486-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/m ozilla-1.4.3-i486-1.tgz


• Slackware mozilla-plugins-1.4.3-noarch-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/m ozilla-plugins-1.4.3-noarch-1.tgz

Mozilla Browser 1.4 a

• Mozilla Mozilla 1.7.2
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.4.1

• Mozilla Mozilla 1.7.2
  http://www.mozilla.org/products/mozilla1.x/


• RedHat epiphany-1.0.4-2.4.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/epiphany-1.0.4- 2.4.legacy.i386.rpm


• RedHat mozilla-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-1.4.3-1 .fc1.1.legacy.i386.rpm


• RedHat mozilla-chat-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-chat-1. 4.3-1.fc1.1.legacy.i386.rpm


• RedHat mozilla-devel-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-devel-1 .4.3-1.fc1.1.legacy.i386.rpm


• RedHat mozilla-dom-inspector-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-dom-ins pector-1.4.3-1.fc1.1.legacy.i386.rpm


• RedHat mozilla-js-debugger-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-js-debu gger-1.4.3-1.fc1.1.legacy.i386.rpm


• RedHat mozilla-mail-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-mail-1. 4.3-1.fc1.1.legacy.i386.rpm


• RedHat mozilla-nspr-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-1. 4.3-1.fc1.1.legacy.i386.rpm


• RedHat mozilla-nspr-devel-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-de vel-1.4.3-1.fc1.1.legacy.i386.rpm


• RedHat mozilla-nss-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-1.4 .3-1.fc1.1.legacy.i386.rpm


• RedHat mozilla-nss-devel-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-dev el-1.4.3-1.fc1.1.legacy.i386.rpm

Mozilla Browser 1.4.2

• Mozilla Mozilla 1.7.2
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.5

• Mozilla Mozilla 1.7.2
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.6

• Mandrake libnspr4-1.6-12.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnspr4-devel-1.6-12.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnss3-1.6-12.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnss3-devel-1.6-12.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-1.6-12.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-1.6-12.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-devel-1.6-12.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-devel-1.6-12.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-dom-inspector-1.6-12.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-dom-inspector-1.6-12.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-enigmail-1.6-12.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-enigmail-1.6-12.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-enigmime-1.6-12.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-enigmime-1.6-12.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-irc-1.6-12.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-irc-1.6-12.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-js-debugger-1.6-12.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-js-debugger-1.6-12.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-mail-1.6-12.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-mail-1.6-12.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-spellchecker-1.6-12.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-spellchecker-1.6-12.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mozilla Mozilla 1.7.2
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.7

• Mozilla Mozilla 1.7.2
  http://www.mozilla.org/products/mozilla1.x/


• Slackware epiphany-1.2.7-i486-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ epiphany-1.2.7-i486-1.tgz


• Slackware gaim-0.81-i486-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ gaim-0.81-i486-1.tgz


• Slackware galeon-1.3.17-i486-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ galeon-1.3.17-i486-1.tgz


• Slackware mozilla-1.7.2-i486-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ mozilla-1.7.2-i486-1.tgz


• Slackware mozilla-plugins-1.7.2-noarch-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ mozilla-plugins-1.7.2-noarch-1.tgz

Mozilla Browser 1.7 rc3

• Mozilla Mozilla 1.7.2
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.7.1

• Mozilla Mozilla 1.7.2
  http://www.mozilla.org/products/mozilla1.x/