LOW · 2.6

CVE-2006-2786

Vulnerability Description

HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.
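
One way to detect case (1) at a proxy or in a test harness, as an added example that is not part of the advisory or of Mozilla's code: it parses a constructed response header block twice, once as a parser that ignores lines with whitespace before the colon and once as a parser that accepts them, and reports when the two disagree on the message-framing headers. The function names and sample bytes are hypothetical.

```python
import re

# Header field-name characters ("token") as defined in RFC 7230.
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def parse_headers(raw: bytes, lenient: bool):
    """Parse a raw header block; return (headers, anomalies).

    lenient=True models a parser that strips whitespace before the colon;
    lenient=False models a parser that ignores such lines entirely.
    """
    headers, anomalies = {}, []
    lines = raw.split(b"\r\n")
    for n, line in enumerate(lines[1:], start=2):  # line 1 is the status line
        if not line:
            break  # blank line ends the header block
        name, sep, value = line.decode("latin-1").partition(":")
        if not sep:
            anomalies.append((n, "no colon"))
            continue
        if name != name.rstrip(" \t"):
            anomalies.append((n, "whitespace before colon"))
            if not lenient:
                continue
            name = name.rstrip(" \t")
        if not TOKEN.match(name):
            anomalies.append((n, "invalid field name"))
            continue
        headers.setdefault(name.lower(), []).append(value.strip())
    return headers, anomalies

def framing_disagrees(raw: bytes):
    """True when the two parser models see different framing headers,
    i.e. they would not agree on where this response ends."""
    strict, anomalies = parse_headers(raw, lenient=False)
    loose, _ = parse_headers(raw, lenient=True)
    keys = ("content-length", "transfer-encoding")
    return any(strict.get(k) != loose.get(k) for k in keys), anomalies

# Constructed samples (not captured traffic).
SAMPLE_BAD = (b"HTTP/1.1 200 OK\r\n"
              b"Content-Type: text/html\r\n"
              b"Content-Length : 10\r\n\r\n")
SAMPLE_OK = SAMPLE_BAD.replace(b"Content-Length :", b"Content-Length:")

if __name__ == "__main__":
    print(framing_disagrees(SAMPLE_BAD))
    print(framing_disagrees(SAMPLE_OK))
```

A response flagged this way is one a proxy should reject or normalize before forwarding, so that every hop downstream sees the same framing.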

CVSS Score

2.6 (LOW)

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Affected Products

Vendor | Product | Versions
Mozilla | Firefox | <= 1.5.0.3
Mozilla | Thunderbird | <= 1.5.0.3

References

FAQ

What is CVE-2006-2786?

CVE-2006-2786 is a vulnerability with a CVSS score of 2.6 (LOW). HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses a...

How severe is CVE-2006-2786?

CVE-2006-2786 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-2786?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Thunderbird.