Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0367

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-0367
Last Modified 23 Oct 2008 01:56:54
Published 18 Jan 2008 07:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0367

Summary

Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.

Vulnerable Systems

Application

  • Mozilla Firefox 2.0.0.11

  • Mozilla Firefox 3.0


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=244273

BID - 27111

BUGTRAQ - 20080103 Re: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication

BUGTRAQ - 20080103 Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication

CONFIRM - http://blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/

MISC - http://aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspx

MISC - http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx


Last Updated: 27 May 2016 10:46:46