Vulnerability Details CVE-2005-0147
Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.3%
CVSS Severity
CVSS v2 Score 7.5
References
- http://www.mozilla.org/security/announce/mfsa2005-09.html
- http://www.redhat.com/support/errata/RHSA-2005-323.html
- http://www.securityfocus.com/bid/12407
- https://bugzilla.mozilla.org/show_bug.cgi?id=267263
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19174
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100049
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9578
- http://www.mozilla.org/security/announce/mfsa2005-09.html
- http://www.redhat.com/support/errata/RHSA-2005-323.html
- http://www.securityfocus.com/bid/12407
- https://bugzilla.mozilla.org/show_bug.cgi?id=267263
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19174
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100049
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9578
Products affected by CVE-2005-0147
-
cpe:2.3:a:mozilla:firefox:0.8
-
cpe:2.3:a:mozilla:firefox:0.9
-
cpe:2.3:a:mozilla:firefox:0.9.1
-
cpe:2.3:a:mozilla:firefox:0.9.2
-
cpe:2.3:a:mozilla:firefox:0.9.3
-
cpe:2.3:a:mozilla:mozilla:1.7
-
cpe:2.3:a:mozilla:mozilla:1.7.1
-
cpe:2.3:a:mozilla:mozilla:1.7.2
-
cpe:2.3:a:mozilla:mozilla:1.7.3