CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
76.1%
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.
aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx
aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspx
blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/
www.securityfocus.com/archive/1/485732/100/200/threaded
www.securityfocus.com/archive/1/485738/100/200/threaded
www.securityfocus.com/bid/27111
bugzilla.mozilla.org/show_bug.cgi?id=244273
More