CVE-2010-0172

EPSS 0.54%
Published 25.03.2010 21:00:00
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances.

Affected products Warnungen 0 Metrics 2 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version3.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.54%	0.647

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

http://www.mandriva.com/security/advisories?name=MDVSA-2010:070

http://www.securityfocus.com/bid/38918

http://www.vupen.com/english/advisories/2010/0692

http://www.mozilla.org/security/announce/2010/mfsa2010-15.html

Patch

https://bugzilla.mozilla.org/show_bug.cgi?id=537862

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8281

https://nvd.nist.gov/vuln/detail/CVE-2010-0172

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-0172

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-0172

EUVD