Mozilla Firefox 'Basic Realm' Basic Authentication Header Spoofing Vulnerability

2008-01-06T00:00:00
ID SSV:2777
Type seebug
Reporter Root
Modified 2008-01-06T00:00:00

Description

Mozilla Firefox is prone to a domain-spoofing vulnerability that allows an attacker to spoof an HTTP basic authentication dialog.

Attackers may exploit this vulnerability via a malicious webpage to spoof the origin of an HTTP basic authentication dialog that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing.

Firefox 2.0.0.11 is vulnerable; other versions may also be affected.

Mozilla Firefox 2.0 8 Mozilla Firefox 2.0 .9 Mozilla Firefox 2.0 .7 Mozilla Firefox 2.0 .6 Mozilla Firefox 2.0 .5 Mozilla Firefox 2.0 .4 Mozilla Firefox 2.0 .3 Mozilla Firefox 2.0 .10 Mozilla Firefox 2.0 .1 Mozilla Firefox 2.0.0.3 Mozilla Firefox 2.0.0.2 Mozilla Firefox 2.0.0.11 Mozilla Firefox 2.0.0.10 Mozilla Firefox 2.0.0.10


官方暂无补丁