CVE-2005-2395
First published: Wed Jul 27 2005(Updated: )
Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | =1.0.4 | |
| Mozilla Firefox | =1.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/archive/1/405666
- http://www.securityfocus.com/bid/14325
- https://bugzilla.mozilla.org/show_bug.cgi?id=281851
- http://www.securiteam.com/securitynews/5PP0L00GUQ.html
- http://www.osvdb.org/19002
- http://securityreason.com/securityalert/8
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22272
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/1.0.4
- version/mozilla firefox/1.0.5