CVE-2010-2792

CVE-2010-2792 · LOW Severity

AV:L/AC:M/AU:N/C:P/I:P/A:N

Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client (aka qspice-client) in qspice 0.3.0, and then accessing this socket.

Learn more about our User Device Pen Test.