The realm value in a basic authentication dialog may be spoofed by an attacker to trick users into thinking the authentication request is coming from a different, trusted site.
When displaying the basic authentication dialog, Firefox displays the actual source of the request at the end of the dialog text. Some other browsers display the request source at the very beginning of the dialog text or as part of the pop-up window’s title bar, where it may be less likely to cause confusion.
This may allow an attacker to craft basic authentication dialogs that are confusing to users and may result in users sending website credentials to phishing websites.
Mozilla is currently investigating this issue and has assigned it an initial security severity rating of low. You can follow this issue here: https://bugzilla.mozilla.org/show_bug.cgi?id=244273
The issue was reported to the full-disclosure and bugtraq mailing lists by Aviv Raff.
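A defensive check for the pattern described above, as an added example that is not part of the original post or Mozilla's code: it parses the realm of a Basic challenge and reports host names in the realm text that differ from the host that actually sent the response. The function names, the same-site heuristic and the sample headers are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Realm of a Basic challenge: a quoted-string that may contain backslash escapes.
# Narrowed to the common form where realm is the first parameter after "Basic".
_REALM_RE = re.compile(r'\bBasic\s+realm\s*=\s*"((?:[^"\\]|\\.)*)"', re.IGNORECASE)
# Host-like tokens inside free text, e.g. "www.example.com".
_HOST_RE = re.compile(r'\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b', re.IGNORECASE)


def basic_realm(www_authenticate):
    """Return the unescaped realm of a Basic challenge, or None if there is none."""
    match = _REALM_RE.search(www_authenticate)
    if match is None:
        return None
    return re.sub(r'\\(.)', r'\1', match.group(1))


def _same_site(mentioned, actual):
    """Heuristic (assumption): equal hosts, or one is a subdomain of the other."""
    return (mentioned == actual
            or actual.endswith('.' + mentioned)
            or mentioned.endswith('.' + actual))


def foreign_hosts_in_realm(request_url, www_authenticate):
    """List hosts named in the realm that are not the responding host's site."""
    realm = basic_realm(www_authenticate)
    actual = urlsplit(request_url).hostname
    if realm is None or actual is None:
        return []
    mentioned = {host.lower() for host in _HOST_RE.findall(realm)}
    return sorted(host for host in mentioned if not _same_site(host, actual))


# Constructed samples (request URL, WWW-Authenticate value); not real traffic.
SAMPLES = [
    ("https://login.example.net/admin",
     'Basic realm="Session expired on www.example.com, please sign in again"'),
    ("https://www.example.com/admin", 'Basic realm="example.com staff area"'),
]

if __name__ == "__main__":
    for url, header in SAMPLES:
        print(url, "->", foreign_hosts_in_realm(url, header) or "no mismatch")
```

A proxy or crawler can run this over 401 responses and queue any non-empty result for review, since a realm that names another site is the text the dialog shows ahead of the real request source.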