CVE-2008-0367

high

Description

Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=244273

http://www.securityfocus.com/bid/27111

http://www.securityfocus.com/archive/1/485738/100/200/threaded

http://www.securityfocus.com/archive/1/485732/100/200/threaded

http://blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/

http://aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspx

http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx

Details

Source: Mitre, NVD

Published: 2008-01-19

Updated: 2018-10-26

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Severity: High