Description
The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has unspecified impact and remote attack vectors, related to an "inherent problem" with the WebSocket specification.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12251
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/69758
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
Third Party Advisory x_refsource_confirm
https://wiki.mozilla.org/Platform/2010-12-07
Scores
EPSS
0.0130
EPSS Percentile
67.2%
Details
Status
published
Products (1)
mozilla/firefox
4.0 beta1 (6 CPE variants)
Published
Dec 09, 2010
Tracked Since
Feb 18, 2026