1
Candidate: CVE-2010-0172
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0172
5
http://www.mozilla.org/security/announce/2010/mfsa2010-15.html
7
toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the
8
asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6
9
before 3.6.2 does not properly handle concurrent authorization requests
10
from multiple web sites, which might allow remote web servers to spoof an
11
authorization dialog and capture credentials by demanding HTTP
12
authentication in opportunistic circumstances.
16
https://bugzilla.mozilla.org/show_bug.cgi?id=537862
19
Assigned-to: chrisccoulson
22
upstream_firefox: released (3.6.2)
23
dapper_firefox: ignored (reached end-of-life)
24
hardy_firefox: not-affected
28
devel_firefox: released (3.6.3+nobinonly-0ubuntu2)