CVE-2010-0172
N/A
N/A
Summary
toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/38918
- http://www.mozilla.org/security/announce/2010/mfsa2010-15.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8281
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:070
- http://www.vupen.com/english/advisories/2010/0692
- https://bugzilla.mozilla.org/show_bug.cgi?id=537862
References
- http://www.securityfocus.com/bid/38918
- http://www.mozilla.org/security/announce/2010/mfsa2010-15.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8281
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:070
- http://www.vupen.com/english/advisories/2010/0692
- https://bugzilla.mozilla.org/show_bug.cgi?id=537862
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.