• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Mozilla Firefox 'Basic Realm' Basic Authentication Header Spoofing Vulnerability

Mozilla Firefox is prone to a domain-spoofing vulnerability that allows an attacker to spoof an HTTP basic authentication dialog.

Attackers may exploit this vulnerability via a malicious webpage to spoof the origin of an HTTP basic authentication dialog that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing.

Firefox 2.0.0.11 is vulnerable; other versions may also be affected.