Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.6
CVE Id CVE-2006-2786
Last Modified 07 Mar 2011 09:37:01
Published 02 Jun 2006 04:02:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2786

Summary

HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.

Vulnerable Systems

Application

  • Mozilla Firefox 1.5.0.3

  • Mozilla Thunderbird 1.5.0.3


References

VUPEN - ADV-2008-0083

VUPEN - ADV-2006-3749

VUPEN - ADV-2006-3748

VUPEN - ADV-2006-2106

HP - SSRT061181

HP - HPSBUX02156

CONFIRM - http://www.mozilla.org/security/announce/2006/mfsa2006-33.html

XF - mozilla-http-response-smuggling(26844)

UBUNTU - USN-323-1

UBUNTU - USN-297-1

UBUNTU - USN-296-2

UBUNTU - USN-296-1

BID - 18228

HP - HPSBUX02153

BUGTRAQ - 20060602 rPSA-2006-0091-1 firefox thunderbird

REDHAT - RHSA-2006:0611

REDHAT - RHSA-2006:0610

REDHAT - RHSA-2006:0594

REDHAT - RHSA-2006:0578

SUSE - SUSE-SA:2006:035

MANDRIVA - MDKSA-2006:145

MANDRIVA - MDKSA-2006:143

GENTOO - GLSA-200606-21

GENTOO - GLSA-200606-12

DEBIAN - DSA-1134

DEBIAN - DSA-1120

DEBIAN - DSA-1118

SECTRACK - 1016214

SECTRACK - 1016202

SECUNIA - 22066

SECUNIA - 22065

SECUNIA - 21631

SECUNIA - 21532

SECUNIA - 21336

SECUNIA - 21324

SECUNIA - 21270

SECUNIA - 21269

SECUNIA - 21188

SECUNIA - 21183

SECUNIA - 21178

SECUNIA - 21176

SECUNIA - 21134

SECUNIA - 20709

SECUNIA - 20561

SECUNIA - 20382

SECUNIA - 20376

REDHAT - RHSA-2006:0609

HP - SSRT061236


Last Updated: 27 May 2016 10:42:35