CVE-2011-3000

2011-09-29T00:55:00
ID CVE-2011-3000
Type cve
Reporter cve@mitre.org
Modified 2017-09-19T01:33:00

Description

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values.