CVE-2010-0172

EUVD-2010-0203
toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
3.6
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
dapper
ignored
hardy
not-affected
intrepid
dne
jaunty
dne
karmic
dne
References
http://www.mandriva.com/security/advisories?name=MDVSA-2010:070
http://www.mozilla.org/security/announce/2010/mfsa2010-15.html
http://www.securityfocus.com/bid/38918
http://www.vupen.com/english/advisories/2010/0692
https://bugzilla.mozilla.org/show_bug.cgi?id=537862
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8281
http://www.mandriva.com/security/advisories?name=MDVSA-2010:070
http://www.mozilla.org/security/announce/2010/mfsa2010-15.html
http://www.securityfocus.com/bid/38918
http://www.vupen.com/english/advisories/2010/0692
https://bugzilla.mozilla.org/show_bug.cgi?id=537862
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8281