CVE-2008-0367

{"id": "CVE-2008-0367", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-01-19T00:00:00.000", "references": [{"url": "http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspx", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/485732/100/200/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/485738/100/200/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27111", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=244273", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspx", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/485732/100/200/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/485738/100/200/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/27111", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=244273", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks."}, {"lang": "es", "value": "En el navegador Mozilla Firefox 2.0.0.11, 3.0b2, y posiblemente versiones anteriores, cuando se abre la ventana de Autenticaci\u00f3n HTTP b\u00e1sica, se muestra el sitio que requiere la autenticaci\u00f3n despues del texto Realm, lo que podr\u00eda provocar que servidores HTTP remotos lleven a cabo ataques de phising o spoofing."}], "lastModified": "2024-11-21T00:41:52.483", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3E4F934-1CC7-475C-B425-BEEF29AED912", "versionEndIncluding": "2.0.0.11"}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13AAF607-AEEE-4FAF-BE63-73B1D951EF52"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}