CVE-2008-0367

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx", "name": "http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "http://aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspx", "name": "http://aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspx", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "http://blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/", "name": "http://blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=244273", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=244273", "tags": ["Issue Tracking", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/27111", "name": "27111", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://www.securityfocus.com/archive/1/485738/100/200/threaded", "name": "20080103 Re: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/485732/100/200/threaded", "name": "20080103 Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-0367", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-01-19T00:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.0.0.11"}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-26T14:19Z"}