Mail.ru: HTTP-Response-Splitting leads to information disclosure (email, firstname, lastname) at https://tz.mail.ru

CRLF injection via GET paramaters in tz.mail.ru Clientside vulnerabilities in tz.mail.ru is not currently covered by Bug Bounty program...