Vulnerability Description
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 1.0.6 |
| Mozilla | Mozilla Suite | <= 1.7.11 |
Related Weaknesses (CWE)
References
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
- http://secunia.com/advisories/16911Vendor Advisory
- http://secunia.com/advisories/16917Vendor Advisory
- http://secunia.com/advisories/16977Vendor Advisory
- http://secunia.com/advisories/17014Vendor Advisory
- http://secunia.com/advisories/17026Vendor Advisory
- http://secunia.com/advisories/17042Vendor Advisory
- http://secunia.com/advisories/17090Vendor Advisory
- http://secunia.com/advisories/17149Vendor Advisory
- http://secunia.com/advisories/17263Vendor Advisory
- http://secunia.com/advisories/17284Vendor Advisory
- http://securitytracker.com/id?1014954
- http://www.debian.org/security/2005/dsa-838
- http://www.debian.org/security/2005/dsa-866
- http://www.debian.org/security/2005/dsa-868
FAQ
What is CVE-2005-2703?
CVE-2005-2703 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in s...
How severe is CVE-2005-2703?
CVE-2005-2703 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2703?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Mozilla Suite.