Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 207261 (CVE-2008-0367)

Summary: www-client/mozilla-firefox(-bin) Dialog Spoofing Vulnerability (CVE-2008-0367)
Product: Gentoo Security Reporter: Lars Hartmann <lars>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0367
See Also: https://bugzilla.mozilla.org/show_bug.cgi?id=244273
Whiteboard: B4 [glsa]
Package list:
Runtime testing required: ---

Description Lars Hartmann 2008-01-24 08:43:03 UTC
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.
Comment 1 Sune Kloppenborg Jeppesen gentoo-dev 2008-02-26 20:48:25 UTC
Any news on this one?
Comment 2 Raúl Porcel (RETIRED) gentoo-dev 2008-04-18 16:59:58 UTC
Fixed in firefox3
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-30 17:33:56 UTC
In 2.x, too, I guess?
Comment 4 Jory A. Pratt gentoo-dev 2010-09-16 12:58:08 UTC
Nothing for mozilla to do here.
Comment 5 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2011-12-13 19:24:21 UTC
Fixed as per https://bugzilla.mozilla.org/show_bug.cgi?id=244273
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2013-01-08 01:02:44 UTC
This issue was resolved and addressed in
 GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml
by GLSA coordinator Sean Amoss (ackle).