Unrated severityNVD Advisory· Published Jul 27, 2005· Updated Apr 16, 2026

CVE-2005-2395

Description

Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available.

Affected products

Mozilla Corporation/Firefox2 versions
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/archive/1/405666nvdExploit
securityreason.com/securityalert/8nvd
www.osvdb.org/19002nvd
www.securiteam.com/securitynews/5PP0L00GUQ.htmlnvd
www.securityfocus.com/bid/14325nvd
bugzilla.mozilla.org/show_bug.cginvd
exchange.xforce.ibmcloud.com/vulnerabilities/22272nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000