Back to search
CVE-2010-2792
Published: Aug 30, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client (aka qspice-client) in qspice 0.3.0, and then accessing this socket.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
67619
vdb-entry
x_refsource_OSVDB
RHSA-2010:0651
vendor-advisory
x_refsource_REDHAT
41120
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=620350
x_refsource_CONFIRM
ADV-2010-2181
vdb-entry
x_refsource_VUPEN
RHSA-2010:0632
vendor-advisory
x_refsource_REDHAT
42711
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now