Published: 30/08/2010 Updated: 11/01/2011

CVSS v2 Base Score: 3.3 | Impact Score: 4.9 | Exploitability Score: 3.4

VMScore: 294

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N

Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client (aka qspice-client) in qspice 0.3.0, and then accessing this socket.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat spice-xpi 2.2

Synopsis Moderate: qspice-client security update Type/Severity Security Advisory: Moderate Topic An updated qspice-client package that fixes one security issue is nowavailable for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact A Common ...

Synopsis Moderate: spice-xpi security and bug fix update Type/Severity Security Advisory: Moderate Topic An updated spice-xpi package that fixes two security issues and three bugsis now available for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having moderatesecuri ...

CWE-362 http://www.redhat.com/support/errata/RHSA-2010-0632.html http://www.redhat.com/support/errata/RHSA-2010-0651.html https://bugzilla.redhat.com/show_bug.cgi?id=620350 http://osvdb.org/67619 http://www.vupen.com/english/advisories/2010/2181 http://secunia.com/advisories/41120 http://www.securityfocus.com/bid/42711 https://access.redhat.com/errata/RHSA-2010:0632 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-2792

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect