Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL secure site lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | 0.8 (including) | 0.8 (including) |
| Firefox | Mozilla | 0.9 (including) | 0.9 (including) |
| Firefox | Mozilla | 0.9-rc (including) | 0.9-rc (including) |
| Firefox | Mozilla | 0.9.1 (including) | 0.9.1 (including) |
| Firefox | Mozilla | 0.9.2 (including) | 0.9.2 (including) |
| Firefox | Mozilla | 0.9.3 (including) | 0.9.3 (including) |
| Firefox | Mozilla | 0.10 (including) | 0.10 (including) |
| Firefox | Mozilla | 0.10.1 (including) | 0.10.1 (including) |
| Firefox | Mozilla | 1.0 (including) | 1.0 (including) |
| Mozilla | Mozilla | 1.3 (including) | 1.3 (including) |
| Mozilla | Mozilla | 1.4 (including) | 1.4 (including) |
| Mozilla | Mozilla | 1.4-alpha (including) | 1.4-alpha (including) |
| Mozilla | Mozilla | 1.4.1 (including) | 1.4.1 (including) |
| Mozilla | Mozilla | 1.5 (including) | 1.5 (including) |
| Mozilla | Mozilla | 1.5-alpha (including) | 1.5-alpha (including) |
| Mozilla | Mozilla | 1.5-rc1 (including) | 1.5-rc1 (including) |
| Mozilla | Mozilla | 1.5-rc2 (including) | 1.5-rc2 (including) |
| Mozilla | Mozilla | 1.5.1 (including) | 1.5.1 (including) |
| Mozilla | Mozilla | 1.6 (including) | 1.6 (including) |
| Mozilla | Mozilla | 1.6-alpha (including) | 1.6-alpha (including) |
| Mozilla | Mozilla | 1.6-beta (including) | 1.6-beta (including) |
| Mozilla | Mozilla | 1.7 (including) | 1.7 (including) |
| Mozilla | Mozilla | 1.7-alpha (including) | 1.7-alpha (including) |
| Mozilla | Mozilla | 1.7-beta (including) | 1.7-beta (including) |
| Mozilla | Mozilla | 1.7-rc1 (including) | 1.7-rc1 (including) |
| Mozilla | Mozilla | 1.7-rc2 (including) | 1.7-rc2 (including) |
| Mozilla | Mozilla | 1.7-rc3 (including) | 1.7-rc3 (including) |
| Mozilla | Mozilla | 1.7.1 (including) | 1.7.1 (including) |
| Mozilla | Mozilla | 1.7.2 (including) | 1.7.2 (including) |
| Mozilla | Mozilla | 1.7.3 (including) | 1.7.3 (including) |
| Mozilla | Mozilla | 1.7.5 (including) | 1.7.5 (including) |
| Mozilla | Ubuntu | dapper | * |
| Mozilla | Ubuntu | edgy | * |
| Red Hat Enterprise Linux 2.1 | RedHat | galeon | * |
| Red Hat Enterprise Linux 2.1 | RedHat | mozilla | * |
| Red Hat Enterprise Linux 3 | RedHat | mozilla | * |
| Red Hat Enterprise Linux 4 | RedHat | firefox-0:1.0.1-1.4.3 | * |