HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | n/a |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://secunia.com/advisories/20709 | third-party-advisory x_refsource_SECUNIA x_transferred |
| http://secunia.com/advisories/21176 | third-party-advisory x_refsource_SECUNIA x_transferred |
| http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 | vendor-advisory x_refsource_MANDRIVA x_transferred |
| http://www.vupen.com/english/advisories/2006/3748 | vdb-entry x_refsource_VUPEN x_transferred |
| https://usn.ubuntu.com/296-1/ | vendor-advisory x_refsource_UBUNTU x_transferred |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26844 | vdb-entry x_refsource_XF x_transferred |
| https://usn.ubuntu.com/323-1/ | vendor-advisory x_refsource_UBUNTU x_transferred |
| http://secunia.com/advisories/20561 | third-party-advisory x_refsource_SECUNIA x_transferred |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9966 | vdb-entry signature x_refsource_OVAL x_transferred |
| http://www.redhat.com/support/errata/RHSA-2006-0594.html | vendor-advisory x_refsource_REDHAT x_transferred |
| http://secunia.com/advisories/21336 | third-party-advisory x_refsource_SECUNIA x_transferred |
| http://secunia.com/advisories/20382 | third-party-advisory x_refsource_SECUNIA x_transferred |
| http://securitytracker.com/id?1016214 | vdb-entry x_refsource_SECTRACK x_transferred |
| http://www.securityfocus.com/archive/1/435795/100/0/threaded | mailing-list x_refsource_BUGTRAQ x_transferred |
| http://www.vupen.com/english/advisories/2006/3749 | vdb-entry x_refsource_VUPEN x_transferred |
| http://www.redhat.com/support/errata/RHSA-2006-0610.html | vendor-advisory x_refsource_REDHAT x_transferred |
| http://secunia.com/advisories/20376 | third-party-advisory x_refsource_SECUNIA x_transferred |
| http://rhn.redhat.com/errata/RHSA-2006-0609.html | vendor-advisory x_refsource_REDHAT x_transferred |
| http://secunia.com/advisories/21178 | third-party-advisory x_refsource_SECUNIA x_transferred |
| http://securitytracker.com/id?1016202 | vdb-entry x_refsource_SECTRACK x_transferred |
| http://www.securityfocus.com/bid/18228 | vdb-entry x_refsource_BID x_transferred |
| http://secunia.com/advisories/21532 | third-party-advisory x_refsource_SECUNIA x_transferred |
| http://secunia.com/advisories/21270 | third-party-advisory x_refsource_SECUNIA x_transferred |
| http://www.vupen.com/english/advisories/2008/0083 | vdb-entry x_refsource_VUPEN x_transferred |
| http://secunia.com/advisories/21188 | third-party-advisory x_refsource_SECUNIA x_transferred |
| http://secunia.com/advisories/21134 | third-party-advisory x_refsource_SECUNIA x_transferred |
| http://secunia.com/advisories/21631 | third-party-advisory x_refsource_SECUNIA x_transferred |
| http://www.securityfocus.com/archive/1/446658/100/200/threaded | vendor-advisory x_refsource_HP x_transferred |
| http://www.securityfocus.com/archive/1/446657/100/200/threaded | vendor-advisory x_refsource_HP x_transferred |
| https://usn.ubuntu.com/296-2/ | vendor-advisory x_refsource_UBUNTU x_transferred |
| http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml | vendor-advisory x_refsource_GENTOO x_transferred |
| http://www.debian.org/security/2006/dsa-1118 | vendor-advisory x_refsource_DEBIAN x_transferred |
| http://www.securityfocus.com/archive/1/446658/100/200/threaded | vendor-advisory x_refsource_HP x_transferred |
| http://www.debian.org/security/2006/dsa-1120 | vendor-advisory x_refsource_DEBIAN x_transferred |
| http://www.redhat.com/support/errata/RHSA-2006-0611.html | vendor-advisory x_refsource_REDHAT x_transferred |
| http://www.securityfocus.com/archive/1/446657/100/200/threaded | vendor-advisory x_refsource_HP x_transferred |
| http://www.debian.org/security/2006/dsa-1134 | vendor-advisory x_refsource_DEBIAN x_transferred |
| http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml | vendor-advisory x_refsource_GENTOO x_transferred |
| http://secunia.com/advisories/21324 | third-party-advisory x_refsource_SECUNIA x_transferred |
| http://secunia.com/advisories/21183 | third-party-advisory x_refsource_SECUNIA x_transferred |
| http://secunia.com/advisories/22066 | third-party-advisory x_refsource_SECUNIA x_transferred |
| http://secunia.com/advisories/21269 | third-party-advisory x_refsource_SECUNIA x_transferred |
| http://www.novell.com/linux/security/advisories/2006_35_mozilla.html | vendor-advisory x_refsource_SUSE x_transferred |
| http://www.mozilla.org/security/announce/2006/mfsa2006-33.html | x_refsource_CONFIRM x_transferred |
| https://usn.ubuntu.com/297-1/ | vendor-advisory x_refsource_UBUNTU x_transferred |
| http://www.redhat.com/support/errata/RHSA-2006-0578.html | vendor-advisory x_refsource_REDHAT x_transferred |
| http://www.vupen.com/english/advisories/2006/2106 | vdb-entry x_refsource_VUPEN x_transferred |
| http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 | vendor-advisory x_refsource_MANDRIVA x_transferred |
| http://secunia.com/advisories/22065 | third-party-advisory x_refsource_SECUNIA x_transferred |