CVE-2006-2786

2006-06-0200:00:00

ubuntu.com

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.123 Low

EPSS

Percentile

95.4%

JSON

HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird
before 1.5.0.4, when used with certain proxy servers, allows remote
attackers to cause Firefox to interpret certain responses as if they were
responses from two different sites via (1) invalid HTTP response headers
with spaces between the header name and the colon, which might not be
ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy,
which are ignored by the proxy but processed by the client.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchfirefox< 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1UNKNOWN
ubuntu6.06noarchmozilla-thunderbird< 1.5.0.13-0ubuntu0.6.06UNKNOWN
ubuntu6.10noarchmozilla-thunderbird< 1.5.0.13-0ubuntu0.6.10UNKNOWN
ubuntu7.04noarchmozilla-thunderbird< 1.5.0.13-0ubuntu0.7.04UNKNOWN
ubuntu6.10noarchxulrunner< 1.8.0.5-4.2UNKNOWN
ubuntu7.04noarchxulrunner< 1.8.0.5-4.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	firefox	< 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1	UNKNOWN
ubuntu	6.06	noarch	mozilla-thunderbird	< 1.5.0.13-0ubuntu0.6.06	UNKNOWN
ubuntu	6.10	noarch	mozilla-thunderbird	< 1.5.0.13-0ubuntu0.6.10	UNKNOWN
ubuntu	7.04	noarch	mozilla-thunderbird	< 1.5.0.13-0ubuntu0.7.04	UNKNOWN
ubuntu	6.10	noarch	xulrunner	< 1.8.0.5-4.2	UNKNOWN
ubuntu	7.04	noarch	xulrunner	< 1.8.0.5-4.2	UNKNOWN