CVE-2007-2292

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Seamonkey; Internet Explorer
Vendor: CVE Published:; 26 April 2007

Summary

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.

References

https://www.redhat.com/archives/fedora-package-announce/2...

vendor-advisoryx_refsource_FEDORA

http://www.securityfocus.com/archive/1/482876/100/200/thr...

mailing-listx_refsource_BUGTRAQ

http://www.wisec.it/vulns.php?id=11

x_refsource_MISC

Timeline

Vulnerability published
Apr 26, 2007
Vulnerability Reserved
Apr 26, 2007