CVE-2005-0590

CVE Database · CVE-2005-0590

CVE-2005-0590

· N/AModified

CVSS v3.1

N/A

EPSS

1.67%

Published

May 2, 2005

Modified

Apr 15, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.

Affected Products (44)

mozilla · firefoxvulnerable

mozilla · mozillavulnerable

· mozilla

References (20)

http://secunia.com/advisories/19823

http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml

PatchVendor Advisory

http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml

PatchVendor Advisory

http://www.mozilla.org/security/announce/mfsa2005-17.html

Vendor Advisory

http://www.novell.com/linux/security/advisories/2006_04_25.html

http://www.redhat.com/support/errata/RHSA-2005-176.html

http://www.redhat.com/support/errata/RHSA-2005-384.html

http://www.securityfocus.com/bid/12659

https://bugzilla.mozilla.org/show_bug.cgi?id=268059

KEV Catalog EPSS Scores Vendors All CVEs