Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication
- To: <bugtraq@xxxxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication
- From: "avivra" <avivra@xxxxxxxxx>
- Date: Thu, 3 Jan 2008 08:12:06 +0200
Summary
Mozilla Firefox allows spoofing of the information presented in the basic
authentication dialog box. This can allow an attacker to conduct phishing
attacks by tricking the user into believing that the authentication dialog
box is from a trusted website.
Affected versions
Mozilla Firefox v2.0.0.11.
Prior versions and other Mozilla products may also be affected.
http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx