CVE-2008-0367: CVE-2008-0367

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2008-0367

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Firefox "Basic Realm"基础认证头欺骗漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

firefox是Mozilla公司的web浏览器软件,是一款非常流行的开放源码WEB浏览器。 Firefox会在所访问的Web服务器返回401状态代码时显示认证对话和WWW-Authenticate头。如果要指定基础认证，WWW-Authenticate头必须设置了[Basic realm=XXX]值，然后会在认证对话窗口中显示Realm的值(也就是XXX)。尽管Firefox不会显示双引号()后WWW-Authenticate头Realm值中的字符，但没有过滤单引号(')和空格，因此攻击者就可以创建特

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2008-0367

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2008-0367

Please Login to view more intelligence information

http://aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspxx_refsource_MISC
https://bugzilla.mozilla.org/show_bug.cgi?id=244273x_refsource_CONFIRM
http://blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/x_refsource_CONFIRM
http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspxx_refsource_MISC
http://www.securityfocus.com/bid/27111vdb-entryx_refsource_BID
http://www.securityfocus.com/archive/1/485732/100/200/threadedmailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/485738/100/200/threadedmailing-listx_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2008-0367

New Vulnerabilities

Product: n/a

Vendor: n/a

V. Comments for CVE-2008-0367

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2008-0367

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2008-0367

III. Intelligence Information for CVE-2008-0367

New Vulnerabilities

V. Comments for CVE-2008-0367

Leave a comment