Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2010-0172 | First vendor Publication | 2010-03-25 |
Vendor | Cve | Last vendor Modification | 2017-09-19 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances.
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0172
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:8281 | |||
Oval ID: | oval:org.mitre.oval:def:8281 | ||
Title: | Mozilla Firefox Asynchronous HTTP Authorization Prompt Information Disclosure Vulnerability | ||
Description: | toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0172 | Version: | 12 |
Platform(s): | Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows 7 | Product(s): | Mozilla Firefox |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2010-04-29 | Name : Mandriva Update for firefox MDVSA-2010:070-1 (firefox) File : nvt/gb_mandriva_MDVSA_2010_070_1.nasl |
2010-04-19 | Name : Mandriva Update for firefox MDVA-2010:121 (firefox) File : nvt/gb_mandriva_MDVA_2010_121.nasl |
2010-04-16 | Name : Mandriva Update for firefox-ext-plasmanotify MDVA-2010:118 (firefox-ext-plasm... File : nvt/gb_mandriva_MDVA_2010_118.nasl |
2010-04-16 | Name : Mandriva Update for firefox MDVSA-2010:070 (firefox) File : nvt/gb_mandriva_MDVSA_2010_070.nasl |
2010-03-30 | Name : Firefox Multiple Vulnerabilities Mar-10 (Linux) File : nvt/secpod_firefox_mult_vuln_mar10_lin.nasl |
2010-03-30 | Name : Firefox Multiple Vulnerabilities Mar-10 (Win) File : nvt/secpod_firefox_mult_vuln_mar10_win.nasl |
2010-02-22 | Name : Mandriva Update for blogtk MDVA-2010:070-1 (blogtk) File : nvt/gb_mandriva_MDVA_2010_070_1.nasl |
2010-02-19 | Name : Mandriva Update for blogtk MDVA-2010:070 (blogtk) File : nvt/gb_mandriva_MDVA_2010_070.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
63273 | Mozilla Firefox Authorization Prompt Implementation toolkit/components/passwo... A weakness in toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js can cause the authorization dialogs for concurrent authorization requests to become affixed to the wrong window. This could allow an attacker to spoof the dialog and potentially steal credentials. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2010-04-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-070.nasl - Type : ACT_GATHER_INFO |
2010-03-23 | Name : The remote Windows host contains a web browser that is affected by Multiple V... File : mozilla_firefox_362.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2021-05-04 12:10:59 | |
2021-04-22 01:11:32 | |
2020-05-23 00:25:07 | |
2017-09-19 09:23:35 | |
2016-04-26 19:30:58 | |
2014-02-17 10:53:20 | |
2013-05-10 23:16:30 | |