CVE-2005-2395Mozilla Firefox vulnerability

6 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
0.7%
top 27.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxDebian Firefox
Timeline
PublishedJul 27
Latest updateMay 1

Description

Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDmozilla/firefox1.0.4, 1.0.5+1

🔴Vulnerability Details

1
GHSA
GHSA-vw3w-fr62-q869: Mozilla Firefox 12022-05-01

📋Vendor Advisories

2
Debian
CVE-2005-2395: firefox - Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest...2005
Red Hat
firefox: Does not choose the challenge with the strongest authentication scheme available as required by RFC26172004-01-17

💬Community

2
Bugzilla
CVE-2005-2395 firefox: Does not choose the challenge with the strongest authentication scheme available as required by RFC26172012-12-14
Bugzilla
CVE-2005-2395 Wrong scheme used when server offers both Basic and Digest auth [rfc2617 obsoletes rfc2068]2005-02-10