5

CVE-2008-0367

Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version <= 2.0.0.11
MozillaFirefox Version3.0 Updatebeta2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.81% 0.758
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx
Third Party Advisory
http://aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspx
Third Party Advisory
http://blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/
Vendor Advisory
http://www.securityfocus.com/archive/1/485732/100/200/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/485738/100/200/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/27111
Third Party Advisory
VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=244273
Vendor Advisory
Issue Tracking