CVE-2010-4508

The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has unspecified impact and remote attack vectors, related to an "inherent problem" with the WebSocket specification.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
VendorProductVersion
mozillafirefox
4.0:beta1
mozillafirefox
4.0:beta2
mozillafirefox
4.0:beta3
mozillafirefox
4.0:beta4
mozillafirefox
4.0:beta5
mozillafirefox
4.0:beta6
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
maverick
not-affected
lucid
not-affected
karmic
dne
hardy
ignored
dapper
ignored
References
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://osvdb.org/69758
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12251
https://wiki.mozilla.org/Platform/2010-12-07
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://osvdb.org/69758
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12251
https://wiki.mozilla.org/Platform/2010-12-07