Lucene search

[email protected]NVD:CVE-2010-0172

HistoryMar 25, 2010 - 9:00 p.m.

CVE-2010-0172

2010-03-2521:00:00

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.007

Percentile

79.8%

JSON

toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances.

Affected configurations

Nvd

Node

mozillafirefoxMatch3.6

VendorProductVersionCPE
mozillafirefox3.6cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	3.6	cpe:2.3:a:mozilla:firefox:3.6:::::::*

References

www.mandriva.com/security/advisories?name=MDVSA-2010:070

www.mozilla.org/security/announce/2010/mfsa2010-15.html

www.securityfocus.com/bid/38918

www.vupen.com/english/advisories/2010/0692

bugzilla.mozilla.org/show_bug.cgi?id=537862

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8281

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.007

Percentile

79.8%

JSON

Related for NVD:CVE-2010-0172

prion1 securityvulns2 cve1 cvelist1 ubuntucve1 seebug1 mozilla1 openvas17 nessus4 gentoo1