Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 207261 (CVE-2008-0367) - www-client/mozilla-firefox(-bin) Dialog Spoofing Vulnerability (CVE-2008-0367)
Summary: www-client/mozilla-firefox(-bin) Dialog Spoofing Vulnerability (CVE-2008-0367)
Status: RESOLVED FIXED
Alias: CVE-2008-0367
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://cve.mitre.org/cgi-bin/cvename....
Whiteboard: B4 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-01-24 08:43 UTC by Lars Hartmann
Modified: 2013-01-08 01:02 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Lars Hartmann 2008-01-24 08:43:03 UTC
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-02-26 20:48:25 UTC
Any news on this one?
Comment 2 Raúl Porcel (RETIRED) gentoo-dev 2008-04-18 16:59:58 UTC
Fixed in firefox3
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-30 17:33:56 UTC
In 2.x, too, I guess?
Comment 4 Jory A. Pratt gentoo-dev 2010-09-16 12:58:08 UTC
Nothing for mozilla to do here.
Comment 5 Alex Legler (RETIRED) archtester gentoo-dev Security 2011-12-13 19:24:21 UTC
Fixed as per https://bugzilla.mozilla.org/show_bug.cgi?id=244273
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2013-01-08 01:02:44 UTC
This issue was resolved and addressed in
 GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml
by GLSA coordinator Sean Amoss (ackle).