CVE-2008-0367

EUVD-2008-0377
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
𝑥
≤ 2.0.0.11
mozillafirefox
3.0:beta2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
dapper
ignored
edgy
ignored
feisty
ignored
gutsy
Fixed
released
hardy
not-affected
intrepid
dne
jaunty
dne
Common Weakness Enumeration
References
http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx
http://aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspx
http://blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/
http://www.securityfocus.com/archive/1/485732/100/200/threaded
http://www.securityfocus.com/archive/1/485738/100/200/threaded
http://www.securityfocus.com/bid/27111
https://bugzilla.mozilla.org/show_bug.cgi?id=244273
http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx
http://aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspx
http://blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/
http://www.securityfocus.com/archive/1/485732/100/200/threaded
http://www.securityfocus.com/archive/1/485738/100/200/threaded
http://www.securityfocus.com/bid/27111
https://bugzilla.mozilla.org/show_bug.cgi?id=244273