CVE-2008-0367Sensitive Information Exposure in Mozilla Firefox

CWE-200Sensitive Information Exposure2 documents2 sources
Severity
5.0MEDIUMNVD
EPSS
0.8%
top 25.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedJan 19
Latest updateMay 1

Description

Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmozilla/firefox2.0.0.11+1

🔴Vulnerability Details

1
GHSA
GHSA-5fjw-r22m-94v3: Mozilla Firefox 22022-05-01