Search for vulnerabilities
Vulnerability details: VCID-s6ka-jcf2-aaar
Vulnerability ID VCID-s6ka-jcf2-aaar
Aliases CVE-2008-0367
Summary Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.
Status Published
Exploitability 0.5
Weighted Severity 4.5
Risk 2.2
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
epss 0.00396 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00396 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00396 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00396 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00396 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00396 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00396 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00396 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00532 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00645 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
epss 0.00732 https://api.first.org/data/v1/epss?cve=CVE-2008-0367
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2008-0367
Reference id Reference type URL
http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx
http://aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspx
http://blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/
https://api.first.org/data/v1/epss?cve=CVE-2008-0367
https://bugzilla.mozilla.org/show_bug.cgi?id=244273
http://www.securityfocus.com/archive/1/485732/100/200/threaded
http://www.securityfocus.com/archive/1/485738/100/200/threaded
http://www.securityfocus.com/bid/27111
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*
CVE-2008-0367 https://nvd.nist.gov/vuln/detail/CVE-2008-0367
GLSA-201301-01 https://security.gentoo.org/glsa/201301-01
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2008-0367
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.74170
EPSS Score 0.00396
Published At Nov. 21, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.