Описание
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 35.0+build3-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [35.0+build3-0ubuntu0.14.04.2]] |
| lucid | ignored | end of life |
| precise | released | 35.0+build3-0ubuntu0.12.04.2 |
| trusty | released | 35.0+build3-0ubuntu0.14.04.2 |
| trusty/esm | DNE | trusty was released [35.0+build3-0ubuntu0.14.04.2] |
| upstream | released | 35.0 |
| utopic | released | 35.0+build3-0ubuntu0.14.10.2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1:31.4.0+build1-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1:31.4.0+build1-0ubuntu0.14.04.1]] |
| lucid | ignored | end of life |
| precise | released | 1:31.4.0+build1-0ubuntu0.12.04.1 |
| trusty | released | 1:31.4.0+build1-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [1:31.4.0+build1-0ubuntu0.14.04.1] |
| upstream | released | 31.4.0 |
| utopic | released | 1:31.4.0+build1-0ubuntu0.14.10.1 |
Показывать по
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server.
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server.
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird ...
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server.
EPSS
6.8 Medium
CVSS2