CVE-2010-4508

2010-12-0920:00:17

mitre

web.nvd.nist.gov

cve-2010-4508

websockets

mozilla firefox

proxy upgrade

remote attack vectors

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

9.2

Confidence

High

EPSS

0.003

Percentile

70.0%

JSON

The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has unspecified impact and remote attack vectors, related to an “inherent problem” with the WebSocket specification.

Affected configurations

Nvd

Node

mozillafirefoxMatch4.0beta1

mozillafirefoxMatch4.0beta2

mozillafirefoxMatch4.0beta3

mozillafirefoxMatch4.0beta4

mozillafirefoxMatch4.0beta5

mozillafirefoxMatch4.0beta6

VendorProductVersionCPE
mozillafirefox4.0cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*
mozillafirefox4.0cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*
mozillafirefox4.0cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*
mozillafirefox4.0cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*
mozillafirefox4.0cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*
mozillafirefox4.0cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	4.0	cpe:2.3:a:mozilla:firefox:4.0:beta1::::::
mozilla	firefox	4.0	cpe:2.3:a:mozilla:firefox:4.0:beta2::::::
mozilla	firefox	4.0	cpe:2.3:a:mozilla:firefox:4.0:beta3::::::
mozilla	firefox	4.0	cpe:2.3:a:mozilla:firefox:4.0:beta4::::::
mozilla	firefox	4.0	cpe:2.3:a:mozilla:firefox:4.0:beta5::::::
mozilla	firefox	4.0	cpe:2.3:a:mozilla:firefox:4.0:beta6::::::