CVE-2010-0172
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances.
toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js en la implementación Authorization Prompt en Mozilla Firefox v3.6 anterior a v3.6.2, no maneja adecuadamente las peticiones de autorización concurrentes para múltiples sitios web, lo que podría permitir a servidores web remotos falsificar un cuadro de diálogo de autorización y capturar las credenciales mediante la demanda de una autenticación HTTP en unas condiciones propicias.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-01-06 CVE Reserved
- 2010-03-25 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/38918 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2010/0692 | Vdb Entry | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=537862 | X_refsource_confirm | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8281 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.mozilla.org/security/announce/2010/mfsa2010-15.html | 2017-09-19 |
| URL | Date | SRC |
|---|---|---|
| http://www.mandriva.com/security/advisories?name=MDVSA-2010:070 | 2017-09-19 |