CVE Vulnerability

CVE-2008-0367

Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx Third Party Advisory
http://aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspx Third Party Advisory
http://blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/ Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=244273 Issue Tracking Vendor Advisory
http://www.securityfocus.com/bid/27111 Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/485738/100/200/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/485732/100/200/threaded Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Information

Published : 2008-01-19 12:00

Updated : 2018-10-26 02:19

NVD link : CVE-2008-0367

Mitre link : CVE-2008-0367

Products Affected
No products.
CWE
CWE-200