CVE-2008-0367 Information

Description

Mozilla Firefox 2.0.0.11 3.0b2 and possibly earlier versions when prompting for HTTP Basic Authentication displays the site requesting the authentication after the Realm text which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.

Reference

http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx http://aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspx http://blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/ http://www.securityfocus.com/archive/1/485732/100/200/threaded http://www.securityfocus.com/archive/1/485738/100/200/threaded http://www.securityfocus.com/bid/27111 https://bugzilla.mozilla.org/show_bug.cgi?id=244273