Lucene search

K
mozillaMozilla FoundationMFSA2009-68
HistoryDec 15, 2009 - 12:00 a.m.

NTLM reflection vulnerability — Mozilla

2009-12-1500:00:00
Mozilla Foundation
www.mozilla.org
22

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.016

Percentile

87.6%

Security researcher Takehiro Takahashi of the IBM X-Force reported that Mozilla’s NTLM implementation was vulnerable to reflection attacks in which NTLM credentials from one application could be forwarded to another arbitary application via the browser. If an attacker could get a user to visit a web page he controlled he could force NTLM authenticated requests to be forwarded to another application on behalf of the user.

Affected configurations

Vulners
Node
mozillafirefoxRange<3.0.16
OR
mozillafirefoxRange<3.5.6
OR
mozillaseamonkeyRange<2.0.1
VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillaseamonkey*cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.016

Percentile

87.6%