Unrated severityNVD Advisory· Published Jan 19, 2008· Updated Jun 16, 2026
CVE-2008-0367
CVE-2008-0367
Description
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=2.0.0.11
- cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*
- (no CPE)range: 2.0.0.11, 3.0b2, and possibly earlier
Patches
Vulnerability mechanics
References
7- aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspxnvdThird Party Advisory
- aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspxnvdThird Party Advisory
- blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/nvdVendor Advisory
- www.securityfocus.com/archive/1/485732/100/200/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/485738/100/200/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/27111nvdThird Party AdvisoryVDB Entry
- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingVendor Advisory
News mentions
0No linked articles in our index yet.