Mozilla Foundation Security Advisory 2007-31

Type securityvulns
Reporter Securityvulns
Modified 2007-10-23T00:00:00


Mozilla Foundation Security Advisory 2007-31

Title: Digest authentication request splitting Impact: Moderate Announced: October 18, 2007 Reporter: Stefano Di Paola Products: Firefox, SeaMonkey

Fixed in: Firefox SeaMonkey 1.1.5 Description

Security researcher Stefano Di Paola reported that Firefox did not properly validate the user ID when making an HTTP request using Digest Authentication to log into a web site. A malicious page could abuse this to inject arbitrary HTTP headers by including a newline character in the user ID followed by the injected header data. If the user were connecting through a proxy the attacker could inject headers that a proxy would interpret as two separate requests for different hosts. References

* IE 7 and Firefox Browsers Digest Authentication Request Splitting
* CVE-2007-2292