Unrated severityNVD Advisory· Published Mar 25, 2010· Updated Jun 16, 2026
CVE-2010-0172
CVE-2010-0172
Description
toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
- (no CPE)range: 3.6 >=, < 3.6.2
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 50.1.0-1.1
Patches
Vulnerability mechanics
References
6- www.mozilla.org/security/announce/2010/mfsa2010-15.htmlnvdPatch
- www.mandriva.com/security/advisoriesnvd
- www.securityfocus.com/bid/38918nvd
- www.vupen.com/english/advisories/2010/0692nvd
- bugzilla.mozilla.org/show_bug.cginvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8281nvd
News mentions
0No linked articles in our index yet.