CVE-2010-0172

EPSS 0.54%
Veröffentlicht 25.03.2010 21:00:00
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version3.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.54%	0.647

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

http://www.mandriva.com/security/advisories?name=MDVSA-2010:070

http://www.securityfocus.com/bid/38918

http://www.vupen.com/english/advisories/2010/0692

http://www.mozilla.org/security/announce/2010/mfsa2010-15.html

Patch

https://bugzilla.mozilla.org/show_bug.cgi?id=537862

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8281

https://nvd.nist.gov/vuln/detail/CVE-2010-0172

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-0172

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-0172

EUVD