CVE-2005-2395 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2005-2395 Interim 1 3 2021-06-09T08:34:28Z current 2021-05-30T12:33:07Z 2021-06-09T08:34:28Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2005-2395 Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available. CVE-2005-2395 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N