Oval Definition:oval:org.mitre.oval:def:9966
Revision Date:2013-04-29Version:11
Title:HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.
Description:HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2006-2786
Platform(s):CentOS Linux 3
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Product(s):
Definition Synopsis
  • OS Section: RHEL3, CentOS3
  • RHEL3 or CentOS3
  • The operating system installed on the system is Red Hat Enterprise Linux 3
  • OR CentOS Linux 3.x
  • AND Configuration section
  • seamonkey-nspr is earlier than 0:1.0.2-0.1.0.EL3
  • OR seamonkey-js-debugger is earlier than 0:1.0.2-0.1.0.EL3
  • OR seamonkey-nss-devel is earlier than 0:1.0.2-0.1.0.EL3
  • OR seamonkey is earlier than 0:1.0.2-0.1.0.EL3
  • OR seamonkey-nspr-devel is earlier than 0:1.0.2-0.1.0.EL3
  • OR seamonkey-mail is earlier than 0:1.0.2-0.1.0.EL3
  • OR seamonkey-chat is earlier than 0:1.0.2-0.1.0.EL3
  • OR seamonkey-devel is earlier than 0:1.0.2-0.1.0.EL3
  • OR seamonkey-dom-inspector is earlier than 0:1.0.2-0.1.0.EL3
  • OR seamonkey-nss is earlier than 0:1.0.2-0.1.0.EL3
  • OR OS Section: RHEL4, CentOS4, Oracle Linux 4
  • RHEL4, CentOS4 or Oracle Linux 4
  • The operating system installed on the system is Red Hat Enterprise Linux 4
  • OR CentOS Linux 4.x
  • OR Oracle Linux 4.x
  • AND Configuration section
  • devhelp-devel is earlier than 0:0.10-0.2.el4
  • OR seamonkey-nspr is earlier than 0:1.0.3-0.el4.1
  • OR seamonkey-js-debugger is earlier than 0:1.0.3-0.el4.1
  • OR thunderbird is earlier than 0:1.5.0.5-0.el4.1
  • OR seamonkey-nss-devel is earlier than 0:1.0.3-0.el4.1
  • OR seamonkey is earlier than 0:1.0.3-0.el4.1
  • OR seamonkey-nspr-devel is earlier than 0:1.0.3-0.el4.1
  • OR devhelp is earlier than 0:0.10-0.2.el4
  • OR firefox is earlier than 0:1.5.0.5-0.el4.1
  • OR seamonkey-mail is earlier than 0:1.0.3-0.el4.1
  • OR seamonkey-chat is earlier than 0:1.0.3-0.el4.1
  • OR seamonkey-nss is earlier than 0:1.0.3-0.el4.1
  • OR seamonkey-devel is earlier than 0:1.0.3-0.el4.1
  • OR seamonkey-dom-inspector is earlier than 0:1.0.3-0.el4.1
    • BACK