CVE-2006-2786

HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.
References
Link Resource
http://www.mozilla.org/security/announce/2006/mfsa2006-33.html Vendor Advisory
http://www.securityfocus.com/bid/18228
http://securitytracker.com/id?1016202
http://securitytracker.com/id?1016214
http://secunia.com/advisories/20376
http://secunia.com/advisories/20382
http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml
http://secunia.com/advisories/20561
http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml
http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
http://secunia.com/advisories/20709
http://www.redhat.com/support/errata/RHSA-2006-0578.html
http://secunia.com/advisories/21134
http://www.debian.org/security/2006/dsa-1118
http://www.debian.org/security/2006/dsa-1120
http://secunia.com/advisories/21183
http://secunia.com/advisories/21176
http://secunia.com/advisories/21178
http://secunia.com/advisories/21188
http://www.debian.org/security/2006/dsa-1134
http://www.redhat.com/support/errata/RHSA-2006-0610.html
http://www.redhat.com/support/errata/RHSA-2006-0611.html
http://secunia.com/advisories/21269
http://secunia.com/advisories/21270
http://rhn.redhat.com/errata/RHSA-2006-0609.html
http://secunia.com/advisories/21336
http://secunia.com/advisories/21324
http://secunia.com/advisories/21532
http://www.redhat.com/support/errata/RHSA-2006-0594.html
http://secunia.com/advisories/21631
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
http://secunia.com/advisories/22065
http://secunia.com/advisories/22066
http://www.vupen.com/english/advisories/2006/3749
http://www.vupen.com/english/advisories/2006/2106
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2008/0083
https://exchange.xforce.ibmcloud.com/vulnerabilities/26844
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9966
https://usn.ubuntu.com/323-1/
https://usn.ubuntu.com/297-1/
https://usn.ubuntu.com/296-2/
https://usn.ubuntu.com/296-1/
http://www.securityfocus.com/archive/1/446658/100/200/threaded
http://www.securityfocus.com/archive/1/446657/100/200/threaded
http://www.securityfocus.com/archive/1/435795/100/0/threaded
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Information

Published : 2006-06-02 13:02

Updated : 2018-10-18 09:42


NVD link : CVE-2006-2786

Mitre link : CVE-2006-2786


JSON object : View

Advertisement

dedicated server usa

Products Affected

mozilla

  • firefox
  • thunderbird