Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client (aka qspice-client) in qspice 0.3.0, and then accessing this socket.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2010-08-30T19:00:00
Updated: 2010-09-08T09:00:00
Reserved: 2010-07-22T00:00:00
Link: CVE-2010-2792
JSON object: View
NVD Information
Status : Modified
Published: 2010-08-30T20:00:02.157
Modified: 2011-01-11T06:43:57.503
Link: CVE-2010-2792
JSON object: View
Redhat Information
No data.
CWE