CVE-2005-2395
N/A
N/A
Summary
Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.osvdb.org/19002
- https://bugzilla.mozilla.org/show_bug.cgi?id=281851
- http://securityreason.com/securityalert/8
- http://www.securityfocus.com/archive/1/405666
- http://www.securiteam.com/securitynews/5PP0L00GUQ.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22272
- http://www.securityfocus.com/bid/14325
References
- http://www.osvdb.org/19002
- https://bugzilla.mozilla.org/show_bug.cgi?id=281851
- http://securityreason.com/securityalert/8
- http://www.securityfocus.com/archive/1/405666
- http://www.securiteam.com/securitynews/5PP0L00GUQ.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22272
- http://www.securityfocus.com/bid/14325
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.