CVE-2008-0367
Firefox < 2.0.0.11 - Unauthorized Realm Spoofing via HTTP Basic Authentication Dialog
Title source: llmDescription
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.
References (7)
Core 7
Core References
Vendor Advisory x_refsource_confirm
http://blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=244273
Third Party Advisory x_refsource_misc
http://aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspx
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/485738/100/200/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/485732/100/200/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27111
Third Party Advisory x_refsource_misc
http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx
Scores
EPSS
0.0181
EPSS Percentile
76.1%
Details
CWE
CWE-200
Status
published
Products (2)
mozilla/firefox
3.0 beta2
mozilla/firefox
< 2.0.0.11
Published
Jan 19, 2008
Tracked Since
Feb 18, 2026