QwikSec

Security Database

CVE

CWE

Training

CVE-2008-0367

Published: Jan 18, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/

x_refsource_CONFIRM

https://bugzilla.mozilla.org/show_bug.cgi?id=244273

x_refsource_CONFIRM

http://aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspx

x_refsource_MISC

20080103 Re: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication

mailing-list

x_refsource_BUGTRAQ

20080103 Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_BID

http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.