The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-08T00:31:46.881Z

Reserved: 2004-08-02T00:00:00

Link: CVE-2004-0765

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2004-08-18T04:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2004-0765

cve-icon Redhat

Severity : Low

Publid Date: 2004-02-12T00:00:00Z

Links: CVE-2004-0765 - Bugzilla

cve-icon OpenCVE Enrichment

No data.