Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2703

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-2703
Last Modified 07 Mar 2011 09:24:55
Published 23 Sep 2005 03:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2703

Summary

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.

Vulnerable Systems

Application

  • Mozilla Firefox 1.0

  • Mozilla Firefox 1.0.1

  • Mozilla Firefox 1.0.2

  • Mozilla Firefox 1.0.3

  • Mozilla Firefox 1.0.4

  • Mozilla Firefox 1.0.5

  • Mozilla Firefox 1.0.6

  • Mozilla Suite 1.7.10

  • Mozilla Suite 1.7.11

  • Mozilla Suite 1.7.6

  • Mozilla Suite 1.7.7

  • Mozilla Suite 1.7.8


References

XF - mozilla-xmlhttprequest-spoofing(22376)

VUPEN - ADV-2005-1824

UBUNTU - USN-200-1

BID - 15495

BID - 14923

REDHAT - RHSA-2005:791

REDHAT - RHSA-2005:789

REDHAT - RHSA-2005:785

FEDORA - FLSA-2006:168375

SUSE - SUSE-SA:2005:058

CONFIRM - http://www.mozilla.org/security/announce/mfsa2005-58.html

MANDRIVA - MDKSA-2005:174

MANDRIVA - MDKSA-2005:170

MANDRIVA - MDKSA-2005:169

DEBIAN - DSA-868

DEBIAN - DSA-866

DEBIAN - DSA-838

SECTRACK - 1014954

SECUNIA - 17284

SECUNIA - 17263

SECUNIA - 17149

SECUNIA - 17090

SECUNIA - 17042

SECUNIA - 17026

SECUNIA - 17014

SECUNIA - 16977

SECUNIA - 16917

SECUNIA - 16911

SCO - SCOSA-2005.49


Last Updated: 27 May 2016 10:40:36