Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.
References
Link | Resource |
---|---|
http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx | Third Party Advisory |
http://aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspx | Third Party Advisory |
http://blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/ | Vendor Advisory |
http://www.securityfocus.com/archive/1/485732/100/200/threaded | Third Party Advisory VDB Entry |
http://www.securityfocus.com/archive/1/485738/100/200/threaded | Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/27111 | Third Party Advisory VDB Entry |
https://bugzilla.mozilla.org/show_bug.cgi?id=244273 | Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2008-01-18T23:00:00
Updated: 2018-10-15T20:57:01
Reserved: 2008-01-18T00:00:00
Link: CVE-2008-0367
JSON object: View
NVD Information
Status : Analyzed
Published: 2008-01-19T00:00:00.000
Modified: 2018-10-26T14:19:22.637
Link: CVE-2008-0367
JSON object: View
Redhat Information
No data.
CWE