Описание
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-0367
- https://bugzilla.mozilla.org/show_bug.cgi?id=244273
- http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx
- http://aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspx
- http://blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing
- http://www.securityfocus.com/archive/1/485732/100/200/threaded
- http://www.securityfocus.com/archive/1/485738/100/200/threaded
- http://www.securityfocus.com/bid/27111
Связанные уязвимости
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when p ...