CVE-2004-0779

CVE Database · CVE-2004-0779

CVE-2004-0779

· N/AModified

CVSS v3.1

N/A

EPSS

2.11%

Published

Aug 18, 2004

Modified

Apr 15, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.

Affected Products (3)

firebirdsql · firebirdvulnerable

mozilla · firefoxvulnerable

mozilla · mozillavulnerable

References (8)

http://bugzilla.mozilla.org/show_bug.cgi?id=226278

http://www.mandriva.com/security/advisories?name=MDKSA-2004:082

http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7

https://exchange.xforce.ibmcloud.com/vulnerabilities/17018

http://bugzilla.mozilla.org/show_bug.cgi?id=226278

http://www.mandriva.com/security/advisories?name=MDKSA-2004:082

http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7

https://exchange.xforce.ibmcloud.com/vulnerabilities/17018

KEV Catalog EPSS Scores Vendors All CVEs