Published:2006/06/02  Last Updated:2008/05/21

JVN#28513736
Mozilla Firefox HTTP 1.0 response smuggling vulnerability

Overview

Mozilla Firefox contains a vulnerability in the way it interprets HTTP 1.0 responses from a server.

Products Affected

  • Mozilla Firefox 1.5.0.3 and earlier

Description

Impact

If a user views malicious web pages, an attacker could inject a script into the responses from a server in other domains.

Solution

Vendor Status

Vendor Status Last Update Vendor Notes
Mozilla Japan Vulnerable 2006/06/02

References

JPCERT/CC Addendum

Credit

Kazuho Oku of Cybozu Laboratories, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia

Update History