Vulnerability Description
Mozilla Firefox 1.0.4 and 1.0.5 do not choose the challenge with the strongest authentication scheme available, as required by RFC 2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 1.0.4 |
References
- http://securityreason.com/securityalert/8
- http://www.osvdb.org/19002
- http://www.securiteam.com/securitynews/5PP0L00GUQ.html
- http://www.securityfocus.com/archive/1/405666 (Exploit)
- http://www.securityfocus.com/bid/14325
- https://bugzilla.mozilla.org/show_bug.cgi?id=281851
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22272
FAQ
What is CVE-2005-2395?
CVE-2005-2395 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Mozilla Firefox 1.0.4 and 1.0.5 do not choose the challenge with the strongest authentication scheme available, as required by RFC 2617, which might cause credentials to be sent in plaintext even if a...
How severe is CVE-2005-2395?
CVE-2005-2395 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-2395?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.