CVE-2010-0172

NameCVE-2010-0172
Descriptiontoolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
iceapesource(unstable)(not affected)
iceweaselsource(unstable)(not affected)
xulrunnersource(unstable)(not affected)

Notes

- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
- iceweasel <not-affected> (vulnerable code introduced in firefox 3.6)
Search for package or bug name: Reporting problems