CVE-2006-2786 Information
Description
HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.
Reference
http://rhn.redhat.com/errata/RHSA-2006-0609.html
http://secunia.com/advisories/20376
http://secunia.com/advisories/20382
http://secunia.com/advisories/20561
http://secunia.com/advisories/20709
http://secunia.com/advisories/21134
http://secunia.com/advisories/21176
http://secunia.com/advisories/21178
http://secunia.com/advisories/21183
http://secunia.com/advisories/21188
http://secunia.com/advisories/21269
http://secunia.com/advisories/21270
http://secunia.com/advisories/21324
http://secunia.com/advisories/21336
http://secunia.com/advisories/21532
http://secunia.com/advisories/21631
http://secunia.com/advisories/22065
http://secunia.com/advisories/22066
http://securitytracker.com/id?1016202
http://securitytracker.com/id?1016214
http://www.debian.org/security/2006/dsa-1118
http://www.debian.org/security/2006/dsa-1120
http://www.debian.org/security/2006/dsa-1134
http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml
http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
http://www.mozilla.org/security/announce/2006/mfsa2006-33.html
http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
http://www.redhat.com/support/errata/RHSA-2006-0578.html
http://www.redhat.com/support/errata/RHSA-2006-0594.html
http://www.redhat.com/support/errata/RHSA-2006-0610.html
http://www.redhat.com/support/errata/RHSA-2006-0611.html
http://www.securityfocus.com/archive/1/435795/100/0/threaded
http://www.securityfocus.com/archive/1/446657/100/200/threaded
http://www.securityfocus.com/archive/1/446658/100/200/threaded
http://www.securityfocus.com/bid/18228
http://www.vupen.com/english/advisories/2006/2106
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2006/3749
http://www.vupen.com/english/advisories/2008/0083
https://exchange.xforce.ibmcloud.com/vulnerabilities/26844
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9966
https://usn.ubuntu.com/296-1/
https://usn.ubuntu.com/296-2/
https://usn.ubuntu.com/297-1/
https://usn.ubuntu.com/323-1/