Published:2006/06/02  Last Updated:2008/05/21

JVN#62734622
Mozilla Firefox vulnerable to HTTP response splitting

Overview

Mozilla Firefox, a web browser from Mozilla Corporation and Mozilla Japan, fails to properly handles multiple HTTP headers in server responses.

Products Affected

  • Mozilla Firefox 1.5.0.3 and earlier

Description

Impact

If an user accesses a malicious web page, an attacker could inject scripts into HTTP responses from the other domains.

Solution

Vendor Status

Vendor Status Last Update Vendor Notes
Mozilla Japan Vulnerable 2006/06/02

References

JPCERT/CC Addendum

Credit

Kazuho Oku of Cybozu Laboratories, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia

Update History