The Simple Protocol for Independent Computing Environments (SPICE) is vulnerable to Man-in-the-middle. A race condition was found in the way the SPICE Mozilla Firefox plug-in and the SPICE client communicated. A local attacker could use this flaw to trick the plug-in and the SPICE client into communicating over an attacker-controlled socket, possibly gaining access to authentication details, or resulting in a man-in-the-middle attack on the SPICE connection.
osvdb.org/67619
secunia.com/advisories/41120
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2010-0632.html
www.redhat.com/support/errata/RHSA-2010-0651.html
www.securityfocus.com/bid/42711
www.vupen.com/english/advisories/2010/2181
access.redhat.com/errata/RHSA-2010:0632
bugzilla.redhat.com/show_bug.cgi?id=620350