Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:19343
HistoryMar 26, 2010 - 12:00 a.m.

Mozilla Firefox 3.6 异步HTTP授权提示信息泄露漏洞

2010-03-2600:00:00
Root
www.seebug.org
16

0.007 Low

EPSS

Percentile

77.4%

JSON

BUGTRAQ ID: 38920
CVE(CAN) ID: CVE-2010-0172

Firefox是一款流行的开源WEB浏览器。

Firefox的异步授权提示(HTTP用户名和口令)有时被附加到了错误的窗口上。恶意网页可以诱骗用户打开到可信任服务的新标签页或弹出框,之后让恶意网页的HTTP授权提示看起来为可信任网页的登录提示。目前很少有网站仍在使用HTTP授权,基本都在使用Web表单和Cookie。

Mozilla Firefox 3.6
厂商补丁:

Mozilla

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.mozilla.org/

Related

prion 1
securityvulns 2
cve 1
ubuntucve 1
mozilla 1
openvas 17
nessus 4
gentoo 1
prion
prion
Authorization
2010-03-25 21:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2010-15
2010-04-06 00:00:00
Многочисленные уязвимости в Mozilla Firefox / Seamonkey multiple security vulnerabilities
2013-08-20 00:00:00
cve
cve
CVE-2010-0172
2010-03-25 21:00:00
ubuntucve
ubuntucve
CVE-2010-0172
2010-03-25 00:00:00
mozilla
mozilla
Asynchronous Auth Prompt attaches to wrong window — Mozilla
2010-03-23 00:00:00
openvas
openvas
Firefox Multiple Vulnerabilities Mar-10 (Windows)
2010-03-30 00:00:00
Firefox Multiple Vulnerabilities Mar-10 (Linux)
2010-03-30 00:00:00
Firefox Multiple Vulnerabilities (Mar 2010) - Windows
2010-03-30 00:00:00
nessus
nessus
Mozilla Firefox < 3.6.2 Multiple Vulnerabilities.
2010-03-23 00:00:00
Firefox 3.6.x < 3.6.2 Multiple Vulnerabilities
2010-03-23 00:00:00
Mandriva Linux Security Advisory : firefox (MDVSA-2010:070-1)
2010-04-14 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00

0.007 Low

EPSS

Percentile

77.4%

JSON
Related for SSV:19343
prion1securityvulns2cve1ubuntucve1mozilla1openvas17nessus4gentoo1