Unrated severityNVD Advisory· Published Jan 19, 2008· Updated Apr 23, 2026

CVE-2008-0367

Description

Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.

Affected products

Mozilla Corporation/Firefox2 versions
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=2.0.0.11
- cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspxnvdThird Party Advisory
aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspxnvdThird Party Advisory
blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/nvdVendor Advisory
www.securityfocus.com/archive/1/485732/100/200/threadednvdThird Party AdvisoryVDB Entry
www.securityfocus.com/archive/1/485738/100/200/threadednvdThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/27111nvdThird Party AdvisoryVDB Entry
bugzilla.mozilla.org/show_bug.cginvdIssue TrackingVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000