toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2010-03-25T20:31:00
Updated: 2017-09-18T12:57:01
Reserved: 2010-01-06T00:00:00
Link: CVE-2010-0172
JSON object: View
NVD Information
Status : Modified
Published: 2010-03-25T21:00:00.627
Modified: 2017-09-19T01:30:15.563
Link: CVE-2010-0172
JSON object: View
Redhat Information
No data.
CWE