CVE Database · CVE-2004-1451
CVSS v3.1
N/A
EPSS
1.39%
Published
Dec 31, 2004
Modified
Apr 15, 2026
Public PoC / Exploit
All weaponized →No public PoC or exploit code indexed for this CVE.
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.
Affected Products (35)
References (6)
