CVE-2010-0172 — Mozilla Firefox vulnerability

2 documents2 sources

Severity

4.3MEDIUMNVD

EPSS

0.5%

top 32.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedMar 25

Latest updateMay 2

Description

toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/firefox3.6

Patches

Patch: www.mozilla.org ↗Patch: www.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-34rw-q4gp-cwxm: toolkit/components/passwordmgr/src/nsLoginManagerPrompter↗2022-05-02

▶