Lucene search

[email protected]NVD:CVE-2008-0367

HistoryJan 19, 2008 - 12:00 a.m.

CVE-2008-0367

2008-01-1900:00:00

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.005

Percentile

76.1%

JSON

Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.

Affected configurations

Nvd

Node

mozillafirefoxRange≤2.0.0.11

mozillafirefoxMatch3.0beta2

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox3.0cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox	3.0	cpe:2.3:a:mozilla:firefox:3.0:beta2::::::

References

aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx

aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspx

blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/

www.securityfocus.com/archive/1/485732/100/200/threaded

www.securityfocus.com/archive/1/485738/100/200/threaded

www.securityfocus.com/bid/27111

bugzilla.mozilla.org/show_bug.cgi?id=244273

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.005

Percentile

76.1%

JSON

Related for NVD:CVE-2008-0367

cvelist1 ubuntucve1 prion1 cve1 openvas1 gentoo1 nessus1