Lucene search
Mozilla FoundationMFSA2010-15HistoryMar 23, 2010 - 12:00 a.m.
Asynchronous Auth Prompt attaches to wrong window — Mozilla
2010-03-2300:00:00
Mozilla Foundation
www.mozilla.org
11
0.007 Low
EPSS
Percentile
79.7%
Mozilla developer Justin Dolske reported that the new asynchronous Authorization Prompt (HTTP username and password) was not always attached to the correct window. Although we have not demonstrated this, it may be possible for a malicious page to convince a user to open a new tab or popup to a trusted service and then have the HTTP authorization prompt from the malicious page appear to be the login prompt for the trusted page. This potential attack is greatly mitigated by the fact that very few web sites use HTTP authorization, preferring instead to use web forms and cookies.
Related
prion
prion
Authorization
2010-03-25 21:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2010-15
2010-04-06 00:00:00
cve
cve
CVE-2010-0172
2010-03-25 21:00:00
cvelist
cvelist
CVE-2010-0172
2010-03-25 20:31:00
seebug
seebug
Mozilla Firefox 3.6 异步HTTP授权提示信息泄露漏洞
2010-03-26 00:00:00
ubuntucve
ubuntucve
CVE-2010-0172
2010-03-25 00:00:00
openvas
openvas
Mozilla Firefox Multiple Vulnerabilities (Mar 2010) - Linux
2010-03-30 00:00:00
Firefox Multiple Vulnerabilities Mar-10 (Windows)
2010-03-30 00:00:00
Firefox Multiple Vulnerabilities Mar-10 (Linux)
2010-03-30 00:00:00
nessus
nessus
Mozilla Firefox < 3.6.2 Multiple Vulnerabilities.
2010-03-23 00:00:00
Firefox 3.6.x < 3.6.2 Multiple Vulnerabilities
2010-03-23 00:00:00
Mandriva Linux Security Advisory : firefox (MDVSA-2010:070-1)
2010-04-14 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00