CRLF Injection Vulnerability in Mozilla Firefox and SeaMonkey
CVE-2007-2292

Currently unrated

Key Information:

Vendor

Mozilla
Status
Firefox
Seamonkey
Internet Explorer
Vendor
CVE Published:
26 April 2007

What is CVE-2007-2292?

A CRLF injection vulnerability present in the Digest Authentication support of Mozilla Firefox and SeaMonkey allows remote attackers to exploit the system. This occurs through the injection of line feed (LF, %0a) characters in the username field, leading to HTTP request splitting attacks. These attacks enable unauthorized manipulation of HTTP responses, potentially compromising user sessions and leading to further security breaches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.redhat.com/archives/fedora-package-announce/2...
vendor-advisoryx_refsource_FEDORA
http://www.securityfocus.com/archive/1/482876/100/200/thr...
mailing-listx_refsource_BUGTRAQ
http://www.wisec.it/vulns.php?id=11
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.