CVE-2008-0367

Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
mozillafirefox
𝑥
≤ 2.0.0.11
mozillafirefox
3.0:beta2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
jaunty
dne
intrepid
dne
hardy
not-affected
gutsy
Fixed
released
feisty
ignored
edgy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx
http://aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspx
http://blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/
http://www.securityfocus.com/archive/1/485732/100/200/threaded
http://www.securityfocus.com/archive/1/485738/100/200/threaded
http://www.securityfocus.com/bid/27111
https://bugzilla.mozilla.org/show_bug.cgi?id=244273
http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx
http://aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspx
http://blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/
http://www.securityfocus.com/archive/1/485732/100/200/threaded
http://www.securityfocus.com/archive/1/485738/100/200/threaded
http://www.securityfocus.com/bid/27111
https://bugzilla.mozilla.org/show_bug.cgi?id=244273