CVE-2005-2395

Published: Jul 27, 2005Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available.

Affected (2)

Products: Mozilla: Firefox

Mozilla

1 product

Firefox

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Version 1.0.4
Mozilla Firefox	Version 1.0.5

References (14)

http://securityreason.com/securityalert/8

Source: cve@mitre.org

http://www.osvdb.org/19002

Source: cve@mitre.org

http://www.securiteam.com/securitynews/5PP0L00GUQ.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/405666

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/14325

Source: cve@mitre.org

https://bugzilla.mozilla.org/show_bug.cgi?id=281851

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/22272

Source: cve@mitre.org

http://securityreason.com/securityalert/8