Mozilla Foundation Security Advisory 2007-31

2007-10-23T00:00:00
ID SECURITYVULNS:DOC:18258
Type securityvulns
Reporter Securityvulns
Modified 2007-10-23T00:00:00

Description

Mozilla Foundation Security Advisory 2007-31

Title: Digest authentication request splitting Impact: Moderate Announced: October 18, 2007 Reporter: Stefano Di Paola Products: Firefox, SeaMonkey

Fixed in: Firefox 2.0.0.8 SeaMonkey 1.1.5 Description

Security researcher Stefano Di Paola reported that Firefox did not properly validate the user ID when making an HTTP request using Digest Authentication to log into a web site. A malicious page could abuse this to inject arbitrary HTTP headers by including a newline character in the user ID followed by the injected header data. If the user were connecting through a proxy the attacker could inject headers that a proxy would interpret as two separate requests for different hosts. References

* IE 7 and Firefox Browsers Digest Authentication Request Splitting
* https://bugzilla.mozilla.org/show_bug.cgi?id=378787
* CVE-2007-2292