Lucene search

MitreCVE-2008-0367

HistoryJan 19, 2008 - 12:00 a.m.

CVE-2008-0367

2008-01-1900:00:00

CWE-200

mitre

web.nvd.nist.gov

cve-2008-0367

mozilla firefox

http basic authentication

phishing

spoofing

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

9.6

Confidence

High

EPSS

0.005

Percentile

76.1%

JSON

Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.

Affected configurations

Nvd

Node

mozillafirefoxRange≤2.0.0.11

mozillafirefoxMatch3.0beta2

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox3.0cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox	3.0	cpe:2.3:a:mozilla:firefox:3.0:beta2::::::

References

aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx

aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspx

blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/

www.securityfocus.com/archive/1/485732/100/200/threaded

www.securityfocus.com/archive/1/485738/100/200/threaded

www.securityfocus.com/bid/27111

bugzilla.mozilla.org/show_bug.cgi?id=244273

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

9.6

Confidence

High

EPSS

0.005

Percentile

76.1%

JSON

Related for CVE-2008-0367