Vulnerability Details : CVE-2010-0172
toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances.
Products affected by CVE-2010-0172
- cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-0172
- 0.94%: Probability of exploitation activity in the next 30 days
- ~84%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2010-0172
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
References for CVE-2010-0172
- https://bugzilla.mozilla.org/show_bug.cgi?id=537862
  537862 - (CVE-2010-0172) asyncAuthPrompt can attach to wrong DOM window.
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8281
  Repository / Oval Repository
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:070
  mandriva.com
- http://www.mozilla.org/security/announce/2010/mfsa2010-15.html
  Asynchronous Auth Prompt attaches to wrong window — Mozilla (Patch)
- http://www.vupen.com/english/advisories/2010/0692
- http://www.securityfocus.com/bid/38918
  RETIRED: Mozilla Firefox Thunderbird and Seamonkey MFSA 2010-09 through -15 Multiple Vulnerabilities