CVE-2008-0367

Firefox < 2.0.0.11 - Unauthorized Realm Spoofing via HTTP Basic Authentication Dialog

Title source: llm
STIX 2.1

Description

Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.

References (7)

Core 7
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=244273
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/485738/100/200/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/485732/100/200/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27111

Scores

EPSS 0.0181
EPSS Percentile 76.1%

Details

CWE
CWE-200
Status published
Products (2)
mozilla/firefox 3.0 beta2
mozilla/firefox < 2.0.0.11
Published Jan 19, 2008
Tracked Since Feb 18, 2026