Unrated severityNVD Advisory· Published Aug 30, 2010· Updated Apr 29, 2026

CVE-2010-2792

Description

Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client (aka qspice-client) in qspice 0.3.0, and then accessing this socket.

Affected products

Red Hat/Spice Xpi
cpe:2.3:a:redhat:spice-xpi:2.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.redhat.com/support/errata/RHSA-2010-0632.htmlnvdPatchVendor Advisory
www.redhat.com/support/errata/RHSA-2010-0651.htmlnvdPatchVendor Advisory
osvdb.org/67619nvd
secunia.com/advisories/41120nvd
www.securityfocus.com/bid/42711nvd
www.vupen.com/english/advisories/2010/2181nvd
bugzilla.redhat.com/show_bug.cginvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000