|
[Japanese]
|
JVNDB-2006-000326
|
Mozilla Firefox vulnerable to HTTP response splitting
|
|
(1)Mozilla Firefox contains a vulnerability in the way it interprets HTTP 1.0 responses from a server.
(2)Mozilla Firefox, a web browser from Mozilla Corporation and Mozilla Japan, fails to properly handles multiple HTTP headers in server responses.
|
|
CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
- Access Vector: Network
- Access Complexity: High
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
|
mozilla.org contributors
- Mozilla Firefox 1.5.0.3 and earlier
- Mozilla SeaMonkey 1.0.1
- Mozilla Thunderbird 1.5.0.3
Hewlett-Packard Development Company, L.P
MIRACLE LINUX CORPORATION
- Asianux Server 2.0
- Asianux Server 2.1
Red Hat, Inc.
- Red Hat Enterprise Linux 2.1 (as)
- Red Hat Enterprise Linux 3 (as)
- Red Hat Enterprise Linux 4 (as)
- Red Hat Enterprise Linux 2.1 (es)
- Red Hat Enterprise Linux 3 (es)
- Red Hat Enterprise Linux 4 (es)
- Red Hat Enterprise Linux 2.1 (ws)
- Red Hat Enterprise Linux 3 (ws)
- Red Hat Enterprise Linux 4 (ws)
- Red Hat Linux Advanced Workstation 2.1
|
|
|
(1)If a user views malicious web pages, an attacker could inject a script into the responses from a server in other domains.
(2)If an user accesses a malicious web page, an attacker could inject scripts into HTTP responses from the other domains.
|
|
|
|
mozilla.org contributors
Hewlett-Packard Development Company, L.P
MIRACLE LINUX CORPORATION
Red Hat, Inc.
|
|
|
|
- CVE-2006-2786
|
|
- JVN : JVN#62734622
- JVN : JVN#28513736
- National Vulnerability Database (NVD) : CVE-2006-2786
- SecurityFocus : 18228
- FrSIRT Advisories : FrSIRT/ADV-2006-2106
|
|
- [2008/05/21]
Web page published
|
