CRLF Injection Vulnerability in Mozilla Firefox and SeaMonkey
CVE-2007-2292
Currently unrated
Key Information:
- Vendor: Mozilla
- CVE Published: 26 April 2007
What is CVE-2007-2292?
A CRLF injection vulnerability in the Digest Authentication support of Mozilla Firefox and SeaMonkey allows remote attackers to carry out HTTP request splitting attacks by injecting line feed (LF, %0a) characters into the username field. Request splitting enables unauthorized manipulation of HTTP responses, which can compromise user sessions and lead to further security breaches.
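As an added example (not Mozilla's code or its actual fix), the sketch below shows the kind of check that prevents this class of bug: control characters such as CR and LF are rejected in Digest fields after percent-decoding and before the header value is assembled. The function names and sample values are hypothetical and constructed for illustration.

```javascript
// Hardened construction of a Digest Authorization header value.
// assertHeaderSafe, quoteParam, buildDigestHeader and headerForEncodedUser
// are hypothetical names, not part of any browser code base.

// CR, LF and every other control character must never reach a header line.
const CONTROL_CHARS = /[\u0000-\u001f\u007f]/;

function assertHeaderSafe(name, value) {
  const m = CONTROL_CHARS.exec(value);
  if (m) {
    const code = m[0].charCodeAt(0).toString(16).padStart(2, "0");
    throw new Error(`${name} contains control character 0x${code} at index ${m.index}`);
  }
  return value;
}

// HTTP quoted-string: escape backslash and double quote so the value
// cannot close its own quotes and start a new parameter.
function quoteParam(value) {
  return '"' + value.replace(/(["\\])/g, "\\$1") + '"';
}

// Only parameters that are sent as quoted strings are handled here.
function buildDigestHeader(fields) {
  const parts = [];
  for (const [name, raw] of Object.entries(fields)) {
    // Validate the decoded value, then quote it.
    parts.push(`${name}=${quoteParam(assertHeaderSafe(name, String(raw)))}`);
  }
  return "Digest " + parts.join(", ");
}

// The username is decoded first, because %0a only becomes a line feed
// after percent-decoding; validating the encoded form would miss it.
// realm, nonce, uri and response are constructed sample values.
function headerForEncodedUser(encodedUser) {
  return buildDigestHeader({
    username: decodeURIComponent(encodedUser),
    realm: "example",
    nonce: "constructed-nonce",
    uri: "/",
    response: "0".repeat(32),
  });
}
```

Rejecting the value outright, instead of stripping the offending byte, keeps the failure visible in logs and avoids silently authenticating as a different username.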