CVE-2005-0593

Publication date 4 March 2005

Last updated 24 July 2024

Ubuntu priority

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
mozilla	7.04 feisty	Not in release
	6.10 edgy	Fixed 1.7.12-1.1ubuntu2
	6.06 LTS dapper	Fixed 1.7.12-1.1ubuntu2

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-149-3
Ubuntu 4.10 update for Firefox vulnerabilities
28 July 2005

Other references

https://www.cve.org/CVERecord?id=CVE-2005-0593