Showing 1 - 7 of 7

CVE-2007-2292

Status Candidate

Overview

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.

Related Files

Gentoo Linux Security Advisory 200711-14: Posted Nov 13, 2007; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory GLSA 200711-14 - Multiple vulnerabilities have been reported in Mozilla Firefox and SeaMonkey. Various errors in the browser engine and the Javascript engine can be exploited to cause a memory corruption. Before being used in a request, input passed to the user ID when making an HTTP request with digest authentication is not properly sanitized. The titlebar can be hidden by a XUL markup language document. Additionally, an error exists in the handling of smb: and sftp: URI schemes on systems with gnome-vfs support. An unspecified error in the handling of XPCNativeWrappers and not properly implementing JavaScript onUnload() handlers may allow the execution of arbitrary Javascript code. Another error is triggered by using the addMicrosummaryGenerator sidebar method to access file: URIs. Versions less than 2.0.0.9 are affected.; tags | advisory, web, arbitrary, javascript, vulnerability; systems | linux, gentoo; advisories | CVE-2007-1095, CVE-2007-2292, CVE-2007-5334, CVE-2007-5335, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340; SHA-256 | 9406d653f481b768d289697671963843abc5749121b2f6c0fbe1ff5ea8d7b3e1; Download | Favorite | View

Debian Linux Security Advisory 1401-1: Posted Nov 6, 2007; Authored by Debian | Site debian.org; Debian Security Advisory 1401-1 - Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite.; tags | advisory, remote, vulnerability; systems | linux, debian; advisories | CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340; SHA-256 | 9bc7902a3a9d13707c50680a45511ae88d83140ad502a37acbb6b1f0fad70d4a; Download | Favorite | View

Debian Linux Security Advisory 1396-1: Posted Oct 29, 2007; Authored by Debian | Site debian.org; Debian Security Advisory 1396-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser.; tags | advisory, remote, web, vulnerability; systems | linux, debian; advisories | CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340; SHA-256 | 8fe44bb7245d98b16367831bc25a2cdbd53ab91d169bf07f76151139fb5dac32; Download | Favorite | View

Ubuntu Security Notice 536-1: Posted Oct 24, 2007; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 536-1 - A massive slew of vulnerabilities that relate to mozilla-thunderbird have been patched. It would be wise to upgrade now.; tags | advisory, vulnerability; systems | linux, ubuntu; advisories | CVE-2006-2894, CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340; SHA-256 | 5d868ca3cbf8195030fcde8ba5b7c3d30109913f90eb6ea9b8d3da2f0f586fd5; Download | Favorite | View

Mandriva Linux Security Advisory 2007.202: Posted Oct 23, 2007; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.8.; tags | advisory, vulnerability; systems | linux, mandriva; advisories | CVE-2006-2894, CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-4841, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340; SHA-256 | 2135e6c07c0d7978822688d56feada1ec50ecedb20b2a667e7732def2eeac94d; Download | Favorite | View

Ubuntu Security Notice 535-1: Posted Oct 23, 2007; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 535-1 - A large amount of flaws related to Firefox have been fixed under Ubuntu. These include forced upload and javascript insertion vulnerabilities.; tags | advisory, javascript, vulnerability; systems | linux, ubuntu; advisories | CVE-2006-2894, CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-5334, CVE-2007-5335, CVE-2007-5336, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340; SHA-256 | e937e8ad5d0b409d665ed543ec76877c5a6c7850fb23798031b11ce6ee1da4ed; Download | Favorite | View

Debian Linux Security Advisory 1392-1: Posted Oct 23, 2007; Authored by Debian | Site debian.org; Debian Security Advisory 1392-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.; tags | advisory, remote, vulnerability; systems | linux, debian; advisories | CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340; SHA-256 | 07283a47e9583c7edb535f3b607f378ec46027553dd159a84808cd043699ff16; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 239 files
Ubuntu 62 files
Debian 23 files
LiquidWorm 20 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,862)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,265)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,976)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2007-2292

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems