CVE-2010-0172

{"id": "CVE-2010-0172", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-03-25T21:00:00.627", "references": [{"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070", "source": "cve@mitre.org"}, {"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-15.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/38918", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2010/0692", "source": "cve@mitre.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=537862", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8281", "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-15.html", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/38918", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/0692", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=537862", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8281", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances."}, {"lang": "es", "value": "toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js en la implementaci\u00f3n Authorization Prompt en Mozilla Firefox v3.6 anterior a v3.6.2, no maneja adecuadamente las peticiones de autorizaci\u00f3n concurrentes para m\u00faltiples sitios web, lo que podr\u00eda permitir a servidores web remotos falsificar un cuadro de di\u00e1logo de autorizaci\u00f3n y capturar las credenciales mediante la demanda de una autenticaci\u00f3n HTTP en unas condiciones propicias."}], "lastModified": "2024-11-21T01:11:41.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3782354-7EB7-49D2-B240-1871F6CB84C7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}