Lucene search
SecurityvulnsSECURITYVULNS:DOC:18258HistoryOct 23, 2007 - 12:00 a.m.
Mozilla Foundation Security Advisory 2007-31
2007-10-2300:00:00
vulners.com
19
Mozilla Foundation Security Advisory 2007-31
Title: Digest authentication request splitting
Impact: Moderate
Announced: October 18, 2007
Reporter: Stefano Di Paola
Products: Firefox, SeaMonkey
Fixed in: Firefox 2.0.0.8
SeaMonkey 1.1.5
Description
Security researcher Stefano Di Paola reported that Firefox did not properly validate the user ID when making an HTTP request using Digest Authentication to log into a web site. A malicious page could abuse this to inject arbitrary HTTP headers by including a newline character in the user ID followed by the injected header data. If the user were connecting through a proxy the attacker could inject headers that a proxy would interpret as two separate requests for different hosts.
References
* IE 7 and Firefox Browsers Digest Authentication Request Splitting
* https://bugzilla.mozilla.org/show_bug.cgi?id=378787
* CVE-2007-2292
Related
ubuntucve
ubuntucve
CVE-2007-2292
2007-04-26 00:00:00
cve
cve
CVE-2007-2292
2007-04-26 20:19:00
veracode
veracode
HTTP Request-splitting
2020-04-10 00:20:20
mozilla
mozilla
Digest authentication request splitting โ Mozilla
2007-10-18 00:00:00
prion
prion
Crlf injection
2007-04-26 20:19:00
seebug
seebug
IEๅFirefoxๆต่งๅจDigest่ฎค่ฏ่ฏทๆฑๆๅๆผๆด
2007-10-24 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200711-14 (firefox seamonkey xulrunner)
2008-09-24 00:00:00
Fedora Update for thunderbird FEDORA-2007-3414
2009-02-27 00:00:00
Debian Security Advisory DSA 1396-1 (icedove)
2008-01-17 00:00:00
gentoo
gentoo
Mozilla Firefox, SeaMonkey, XULRunner: Multiple vulnerabilities
2007-11-12 00:00:00
nessus
nessus
RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2007:0980)
2007-10-25 00:00:00
Debian DSA-1396-1 : iceweasel - several vulnerabilities
2007-10-30 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: thunderbird-2.0.0.9-1.fc8
2007-11-16 00:39:02
[SECURITY] Fedora 7 Update: seamonkey-1.1.5-1.fc7
2007-10-24 07:02:38
[SECURITY] Fedora 7 Update: thunderbird-2.0.0.9-1.fc7
2007-11-16 00:41:37
oraclelinux
oraclelinux
Critical: firefox security update
2007-10-20 00:00:00
Critical: seamonkey security update
2007-10-20 00:00:00
Moderate: thunderbird security update
2007-10-20 00:00:00
debian
debian
[SECURITY] [DSA 1396-1] New iceweasel packages fix several vulnerabilities
2007-10-27 11:54:56
[SECURITY] [DSA 1392-1] New xulrunner packages fix several vulnerabilities
2007-10-20 11:56:10
[SECURITY] [DSA 1401-1] New iceape packages fix several vulnerabilities
2007-11-05 23:44:32
centos
centos
thunderbird security update
2007-10-20 18:06:21
firefox security update
2007-10-20 18:08:04
seamonkey security update
2007-10-22 02:25:42
osv
osv
xulrunner - several vulnerabilities
2007-10-20 00:00:00
iceape - several vulnerabilities
2007-11-05 00:00:00
iceweasel
2007-10-27 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2007-10-23 00:00:00
Firefox vulnerabilities
2007-10-22 00:00:00
redhat
redhat
(RHSA-2007:0979) Critical: firefox security update
2007-10-19 00:00:00
(RHSA-2007:0981) Moderate: thunderbird security update
2007-10-19 00:00:00
(RHSA-2007:0980) Critical: seamonkey security update
2007-10-19 00:00:00
securityvulns
securityvulns
Mozilla Firefox /Thunderbird / Seamonkey multiple security vulnerabilities
2007-10-23 00:00:00
suse
suse
remote code execution in MozillaFirefox,mozilla,seamonkey
2007-10-25 18:13:14
Related for SECURITYVULNS:DOC:18258