Lucene search

MitreCVE-2010-0172

HistoryMar 25, 2010 - 9:00 p.m.

CVE-2010-0172

2010-03-2521:00:00

mitre

web.nvd.nist.gov

cve-2010-0172

mozilla

firefox

authorization

spoofing

credentials

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

9.2

Confidence

High

EPSS

0.007

Percentile

79.8%

JSON

toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances.

Affected configurations

Nvd

Node

mozillafirefoxMatch3.6

VendorProductVersionCPE
mozillafirefox3.6cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	3.6	cpe:2.3:a:mozilla:firefox:3.6:::::::*

References

www.mandriva.com/security/advisories?name=MDVSA-2010:070

www.mozilla.org/security/announce/2010/mfsa2010-15.html

www.securityfocus.com/bid/38918

www.vupen.com/english/advisories/2010/0692

bugzilla.mozilla.org/show_bug.cgi?id=537862

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8281

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

9.2

Confidence

High

EPSS

0.007

Percentile

79.8%

JSON

Related for CVE-2010-0172