Описание
CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 1.5.dfsg+1.5.0.14~prepatch071011b-0ubuntu1 |
| devel | not-affected | |
| edgy | released | 2.0.0.8+0dfsg-0ubuntu0.6.10 |
| feisty | released | 2.0.0.8+1nobinonly-0ubuntu1 |
| gutsy | released | 2.0.0.8+2nobinonly-0ubuntu1 |
| upstream | released | 2.0.0.8 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 1.5.0.13+1.5.0.14b-0ubuntu0.6.06 |
| edgy | released | 1.5.0.13+1.5.0.14b-0ubuntu0.6.10 |
| feisty | released | 1.5.0.13+1.5.0.14b-0ubuntu0.7.04 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| gutsy | released | 2.0.0.8~pre071022+nobinonly-0ubuntu0.7.10 |
| upstream | released | 2.0.0.8 |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.
CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.
CRLF injection vulnerability in the Digest Authentication support for ...
CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.
ELSA-2007-0979: Critical: firefox security update (CRITICAL)
EPSS
4.3 Medium
CVSS2