Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.01252Percentile:
0.78459
CVSS Scoring
CVSS v2 Score: 2.6
Severity:
Affected Products
cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me