Vulnerabilities

CVE-2011-3000

by Fred · 28/09/2011

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values.

Date published : 2011-09-28

http://www.mozilla.org/security/announce/2011/mfsa2011-39.html

https://bugzilla.mozilla.org/show_bug.cgi?id=655389

Similar

Tags: Cybersecurity Alert