Vulnerability-Lookup

CVE-2006-2786 (GCVE-0-2006-2786)

Vulnerability from cvelistv5 – Published: 2006-06-03 00:00 – Updated: 2024-08-07 18:06

Summary

HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/20709	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/21176	third-party-advisoryx_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.vupen.com/english/advisories/2006/3748	vdb-entryx_refsource_VUPEN
	https://usn.ubuntu.com/296-1/	vendor-advisoryx_refsource_UBUNTU
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://usn.ubuntu.com/323-1/	vendor-advisoryx_refsource_UBUNTU
	http://secunia.com/advisories/20561	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.redhat.com/support/errata/RHSA-2006-05…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/21336	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/20382	third-party-advisoryx_refsource_SECUNIA
	http://securitytracker.com/id?1016214	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/435795/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2006/3749	vdb-entryx_refsource_VUPEN
	http://www.redhat.com/support/errata/RHSA-2006-06…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/20376	third-party-advisoryx_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2006-0609.html	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/21178	third-party-advisoryx_refsource_SECUNIA
	http://securitytracker.com/id?1016202	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/18228	vdb-entryx_refsource_BID
	http://secunia.com/advisories/21532	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/21270	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/0083	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/21188	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/21134	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/21631	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/446658/100…	vendor-advisoryx_refsource_HP
	http://www.securityfocus.com/archive/1/446657/100…	vendor-advisoryx_refsource_HP
	https://usn.ubuntu.com/296-2/	vendor-advisoryx_refsource_UBUNTU
	http://www.gentoo.org/security/en/glsa/glsa-20060…	vendor-advisoryx_refsource_GENTOO
	http://www.debian.org/security/2006/dsa-1118	vendor-advisoryx_refsource_DEBIAN
	http://www.securityfocus.com/archive/1/446658/100…	vendor-advisoryx_refsource_HP
	http://www.debian.org/security/2006/dsa-1120	vendor-advisoryx_refsource_DEBIAN
	http://www.redhat.com/support/errata/RHSA-2006-06…	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/archive/1/446657/100…	vendor-advisoryx_refsource_HP
	http://www.debian.org/security/2006/dsa-1134	vendor-advisoryx_refsource_DEBIAN
	http://www.gentoo.org/security/en/glsa/glsa-20060…	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/21324	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/21183	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/22066	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/21269	third-party-advisoryx_refsource_SECUNIA
	http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
	http://www.mozilla.org/security/announce/2006/mfs…	x_refsource_CONFIRM
	https://usn.ubuntu.com/297-1/	vendor-advisoryx_refsource_UBUNTU
	http://www.redhat.com/support/errata/RHSA-2006-05…	vendor-advisoryx_refsource_REDHAT
	http://www.vupen.com/english/advisories/2006/2106	vdb-entryx_refsource_VUPEN
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/22065	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:06:26.045Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20709",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20709"
          },
          {
            "name": "21176",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21176"
          },
          {
            "name": "MDKSA-2006:145",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
          },
          {
            "name": "ADV-2006-3748",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3748"
          },
          {
            "name": "USN-296-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/296-1/"
          },
          {
            "name": "mozilla-http-response-smuggling(26844)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26844"
          },
          {
            "name": "USN-323-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/323-1/"
          },
          {
            "name": "20561",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20561"
          },
          {
            "name": "oval:org.mitre.oval:def:9966",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9966"
          },
          {
            "name": "RHSA-2006:0594",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html"
          },
          {
            "name": "21336",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21336"
          },
          {
            "name": "20382",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20382"
          },
          {
            "name": "1016214",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016214"
          },
          {
            "name": "20060602 rPSA-2006-0091-1 firefox thunderbird",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded"
          },
          {
            "name": "ADV-2006-3749",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3749"
          },
          {
            "name": "RHSA-2006:0610",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html"
          },
          {
            "name": "20376",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20376"
          },
          {
            "name": "RHSA-2006:0609",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html"
          },
          {
            "name": "21178",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21178"
          },
          {
            "name": "1016202",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016202"
          },
          {
            "name": "18228",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18228"
          },
          {
            "name": "21532",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21532"
          },
          {
            "name": "21270",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21270"
          },
          {
            "name": "ADV-2008-0083",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0083"
          },
          {
            "name": "21188",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21188"
          },
          {
            "name": "21134",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21134"
          },
          {
            "name": "21631",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21631"
          },
          {
            "name": "SSRT061181",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
          },
          {
            "name": "SSRT061236",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
          },
          {
            "name": "USN-296-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/296-2/"
          },
          {
            "name": "GLSA-200606-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml"
          },
          {
            "name": "DSA-1118",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1118"
          },
          {
            "name": "HPSBUX02153",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
          },
          {
            "name": "DSA-1120",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1120"
          },
          {
            "name": "RHSA-2006:0611",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html"
          },
          {
            "name": "HPSBUX02156",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
          },
          {
            "name": "DSA-1134",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1134"
          },
          {
            "name": "GLSA-200606-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml"
          },
          {
            "name": "21324",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21324"
          },
          {
            "name": "21183",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21183"
          },
          {
            "name": "22066",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22066"
          },
          {
            "name": "21269",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21269"
          },
          {
            "name": "SUSE-SA:2006:035",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-33.html"
          },
          {
            "name": "USN-297-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/297-1/"
          },
          {
            "name": "RHSA-2006:0578",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0578.html"
          },
          {
            "name": "ADV-2006-2106",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2106"
          },
          {
            "name": "MDKSA-2006:143",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
          },
          {
            "name": "22065",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22065"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-01T04:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20709",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20709"
        },
        {
          "name": "21176",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21176"
        },
        {
          "name": "MDKSA-2006:145",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
        },
        {
          "name": "ADV-2006-3748",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3748"
        },
        {
          "name": "USN-296-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/296-1/"
        },
        {
          "name": "mozilla-http-response-smuggling(26844)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26844"
        },
        {
          "name": "USN-323-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/323-1/"
        },
        {
          "name": "20561",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20561"
        },
        {
          "name": "oval:org.mitre.oval:def:9966",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9966"
        },
        {
          "name": "RHSA-2006:0594",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html"
        },
        {
          "name": "21336",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21336"
        },
        {
          "name": "20382",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20382"
        },
        {
          "name": "1016214",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016214"
        },
        {
          "name": "20060602 rPSA-2006-0091-1 firefox thunderbird",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded"
        },
        {
          "name": "ADV-2006-3749",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3749"
        },
        {
          "name": "RHSA-2006:0610",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html"
        },
        {
          "name": "20376",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20376"
        },
        {
          "name": "RHSA-2006:0609",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html"
        },
        {
          "name": "21178",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21178"
        },
        {
          "name": "1016202",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016202"
        },
        {
          "name": "18228",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18228"
        },
        {
          "name": "21532",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21532"
        },
        {
          "name": "21270",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21270"
        },
        {
          "name": "ADV-2008-0083",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0083"
        },
        {
          "name": "21188",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21188"
        },
        {
          "name": "21134",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21134"
        },
        {
          "name": "21631",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21631"
        },
        {
          "name": "SSRT061181",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
        },
        {
          "name": "SSRT061236",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
        },
        {
          "name": "USN-296-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/296-2/"
        },
        {
          "name": "GLSA-200606-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml"
        },
        {
          "name": "DSA-1118",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1118"
        },
        {
          "name": "HPSBUX02153",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
        },
        {
          "name": "DSA-1120",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1120"
        },
        {
          "name": "RHSA-2006:0611",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html"
        },
        {
          "name": "HPSBUX02156",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
        },
        {
          "name": "DSA-1134",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1134"
        },
        {
          "name": "GLSA-200606-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml"
        },
        {
          "name": "21324",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21324"
        },
        {
          "name": "21183",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21183"
        },
        {
          "name": "22066",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22066"
        },
        {
          "name": "21269",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21269"
        },
        {
          "name": "SUSE-SA:2006:035",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-33.html"
        },
        {
          "name": "USN-297-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/297-1/"
        },
        {
          "name": "RHSA-2006:0578",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0578.html"
        },
        {
          "name": "ADV-2006-2106",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2106"
        },
        {
          "name": "MDKSA-2006:143",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
        },
        {
          "name": "22065",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22065"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2786",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20709",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20709"
            },
            {
              "name": "21176",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21176"
            },
            {
              "name": "MDKSA-2006:145",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
            },
            {
              "name": "ADV-2006-3748",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3748"
            },
            {
              "name": "USN-296-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/296-1/"
            },
            {
              "name": "mozilla-http-response-smuggling(26844)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26844"
            },
            {
              "name": "USN-323-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/323-1/"
            },
            {
              "name": "20561",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20561"
            },
            {
              "name": "oval:org.mitre.oval:def:9966",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9966"
            },
            {
              "name": "RHSA-2006:0594",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html"
            },
            {
              "name": "21336",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21336"
            },
            {
              "name": "20382",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20382"
            },
            {
              "name": "1016214",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016214"
            },
            {
              "name": "20060602 rPSA-2006-0091-1 firefox thunderbird",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded"
            },
            {
              "name": "ADV-2006-3749",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3749"
            },
            {
              "name": "RHSA-2006:0610",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html"
            },
            {
              "name": "20376",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20376"
            },
            {
              "name": "RHSA-2006:0609",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html"
            },
            {
              "name": "21178",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21178"
            },
            {
              "name": "1016202",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016202"
            },
            {
              "name": "18228",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18228"
            },
            {
              "name": "21532",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21532"
            },
            {
              "name": "21270",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21270"
            },
            {
              "name": "ADV-2008-0083",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0083"
            },
            {
              "name": "21188",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21188"
            },
            {
              "name": "21134",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21134"
            },
            {
              "name": "21631",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21631"
            },
            {
              "name": "SSRT061181",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
            },
            {
              "name": "SSRT061236",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
            },
            {
              "name": "USN-296-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/296-2/"
            },
            {
              "name": "GLSA-200606-21",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml"
            },
            {
              "name": "DSA-1118",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1118"
            },
            {
              "name": "HPSBUX02153",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
            },
            {
              "name": "DSA-1120",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1120"
            },
            {
              "name": "RHSA-2006:0611",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html"
            },
            {
              "name": "HPSBUX02156",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
            },
            {
              "name": "DSA-1134",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1134"
            },
            {
              "name": "GLSA-200606-12",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml"
            },
            {
              "name": "21324",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21324"
            },
            {
              "name": "21183",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21183"
            },
            {
              "name": "22066",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22066"
            },
            {
              "name": "21269",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21269"
            },
            {
              "name": "SUSE-SA:2006:035",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-33.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-33.html"
            },
            {
              "name": "USN-297-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/297-1/"
            },
            {
              "name": "RHSA-2006:0578",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0578.html"
            },
            {
              "name": "ADV-2006-2106",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2106"
            },
            {
              "name": "MDKSA-2006:143",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
            },
            {
              "name": "22065",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22065"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2786",
    "datePublished": "2006-06-03T00:00:00.000Z",
    "dateReserved": "2006-06-02T04:00:00.000Z",
    "dateUpdated": "2024-08-07T18:06:26.045Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2006-2786

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-2786

Aliases

CVE-2006-2786

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-2786",
    "description": "HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.",
    "id": "GSD-2006-2786",
    "references": [
      "https://www.suse.com/security/cve/CVE-2006-2786.html",
      "https://www.debian.org/security/2006/dsa-1134",
      "https://www.debian.org/security/2006/dsa-1120",
      "https://www.debian.org/security/2006/dsa-1118",
      "https://access.redhat.com/errata/RHSA-2006:0611",
      "https://access.redhat.com/errata/RHSA-2006:0610",
      "https://access.redhat.com/errata/RHSA-2006:0609",
      "https://access.redhat.com/errata/RHSA-2006:0594",
      "https://access.redhat.com/errata/RHSA-2006:0578",
      "https://linux.oracle.com/cve/CVE-2006-2786.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-2786"
      ],
      "details": "HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.",
      "id": "GSD-2006-2786",
      "modified": "2023-12-13T01:19:52.351565Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-2786",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20709",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20709"
          },
          {
            "name": "21176",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21176"
          },
          {
            "name": "MDKSA-2006:145",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
          },
          {
            "name": "ADV-2006-3748",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/3748"
          },
          {
            "name": "USN-296-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/296-1/"
          },
          {
            "name": "mozilla-http-response-smuggling(26844)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26844"
          },
          {
            "name": "USN-323-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/323-1/"
          },
          {
            "name": "20561",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20561"
          },
          {
            "name": "oval:org.mitre.oval:def:9966",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9966"
          },
          {
            "name": "RHSA-2006:0594",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html"
          },
          {
            "name": "21336",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21336"
          },
          {
            "name": "20382",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20382"
          },
          {
            "name": "1016214",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016214"
          },
          {
            "name": "20060602 rPSA-2006-0091-1 firefox thunderbird",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded"
          },
          {
            "name": "ADV-2006-3749",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/3749"
          },
          {
            "name": "RHSA-2006:0610",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html"
          },
          {
            "name": "20376",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20376"
          },
          {
            "name": "RHSA-2006:0609",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html"
          },
          {
            "name": "21178",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21178"
          },
          {
            "name": "1016202",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016202"
          },
          {
            "name": "18228",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/18228"
          },
          {
            "name": "21532",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21532"
          },
          {
            "name": "21270",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21270"
          },
          {
            "name": "ADV-2008-0083",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0083"
          },
          {
            "name": "21188",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21188"
          },
          {
            "name": "21134",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21134"
          },
          {
            "name": "21631",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21631"
          },
          {
            "name": "SSRT061181",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
          },
          {
            "name": "SSRT061236",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
          },
          {
            "name": "USN-296-2",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/296-2/"
          },
          {
            "name": "GLSA-200606-21",
            "refsource": "GENTOO",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml"
          },
          {
            "name": "DSA-1118",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2006/dsa-1118"
          },
          {
            "name": "HPSBUX02153",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
          },
          {
            "name": "DSA-1120",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2006/dsa-1120"
          },
          {
            "name": "RHSA-2006:0611",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html"
          },
          {
            "name": "HPSBUX02156",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
          },
          {
            "name": "DSA-1134",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2006/dsa-1134"
          },
          {
            "name": "GLSA-200606-12",
            "refsource": "GENTOO",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml"
          },
          {
            "name": "21324",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21324"
          },
          {
            "name": "21183",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21183"
          },
          {
            "name": "22066",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22066"
          },
          {
            "name": "21269",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21269"
          },
          {
            "name": "SUSE-SA:2006:035",
            "refsource": "SUSE",
            "url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html"
          },
          {
            "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-33.html",
            "refsource": "CONFIRM",
            "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-33.html"
          },
          {
            "name": "USN-297-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/297-1/"
          },
          {
            "name": "RHSA-2006:0578",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0578.html"
          },
          {
            "name": "ADV-2006-2106",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/2106"
          },
          {
            "name": "MDKSA-2006:143",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
          },
          {
            "name": "22065",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22065"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.5.0.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.5.0.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2786"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-33.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-33.html"
            },
            {
              "name": "18228",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/18228"
            },
            {
              "name": "1016202",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016202"
            },
            {
              "name": "1016214",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016214"
            },
            {
              "name": "20376",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/20376"
            },
            {
              "name": "20382",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/20382"
            },
            {
              "name": "GLSA-200606-12",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml"
            },
            {
              "name": "20561",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/20561"
            },
            {
              "name": "GLSA-200606-21",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml"
            },
            {
              "name": "SUSE-SA:2006:035",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html"
            },
            {
              "name": "20709",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/20709"
            },
            {
              "name": "RHSA-2006:0578",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0578.html"
            },
            {
              "name": "21134",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/21134"
            },
            {
              "name": "DSA-1118",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2006/dsa-1118"
            },
            {
              "name": "DSA-1120",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2006/dsa-1120"
            },
            {
              "name": "21183",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/21183"
            },
            {
              "name": "21176",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/21176"
            },
            {
              "name": "21178",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/21178"
            },
            {
              "name": "21188",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/21188"
            },
            {
              "name": "DSA-1134",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2006/dsa-1134"
            },
            {
              "name": "RHSA-2006:0610",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html"
            },
            {
              "name": "RHSA-2006:0611",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html"
            },
            {
              "name": "21269",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/21269"
            },
            {
              "name": "21270",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/21270"
            },
            {
              "name": "RHSA-2006:0609",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html"
            },
            {
              "name": "21336",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/21336"
            },
            {
              "name": "21324",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/21324"
            },
            {
              "name": "21532",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/21532"
            },
            {
              "name": "RHSA-2006:0594",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html"
            },
            {
              "name": "21631",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/21631"
            },
            {
              "name": "MDKSA-2006:143",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
            },
            {
              "name": "MDKSA-2006:145",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
            },
            {
              "name": "22065",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22065"
            },
            {
              "name": "22066",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22066"
            },
            {
              "name": "ADV-2006-3749",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/3749"
            },
            {
              "name": "ADV-2006-2106",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/2106"
            },
            {
              "name": "ADV-2006-3748",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/3748"
            },
            {
              "name": "ADV-2008-0083",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0083"
            },
            {
              "name": "mozilla-http-response-smuggling(26844)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26844"
            },
            {
              "name": "oval:org.mitre.oval:def:9966",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9966"
            },
            {
              "name": "USN-323-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/323-1/"
            },
            {
              "name": "USN-297-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/297-1/"
            },
            {
              "name": "USN-296-2",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/296-2/"
            },
            {
              "name": "USN-296-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/296-1/"
            },
            {
              "name": "SSRT061181",
              "refsource": "HP",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
            },
            {
              "name": "SSRT061236",
              "refsource": "HP",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
            },
            {
              "name": "20060602 rPSA-2006-0091-1 firefox thunderbird",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-18T16:42Z",
      "publishedDate": "2006-06-02T20:02Z"
    }
  }
}

JVNDB-2006-000326

Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00

Severity ?

N/A (UNKNOWN) - -

Summary

Mozilla Firefox vulnerable to HTTP response splitting

Details

(1)Mozilla Firefox contains a vulnerability in the way it interprets HTTP 1.0 responses from a server. (2)Mozilla Firefox, a web browser from Mozilla Corporation and Mozilla Japan, fails to properly handles multiple HTTP headers in server responses.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN62734622/index.html
	JVN	http://jvn.jp/en/jp/JVN28513736/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2786
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2786
	BID	http://www.securityfocus.com/bid/18228
	FRSIRT	http://www.frsirt.com/english/advisories/2006/2106

Impacted products

Vendor

Product

	mozilla.org contributors	Mozilla Firefox
	mozilla.org contributors	Mozilla SeaMonkey
	mozilla.org contributors	Mozilla Thunderbird
	Hewlett-Packard Development Company,L.P	HP-UX
	Cybertrust Japan Co., Ltd.	Asianux Server
	Red Hat, Inc.	Red Hat Enterprise Linux
	Red Hat, Inc.	Red Hat Linux Advanced Workstation

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000326.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "(1)Mozilla Firefox contains a vulnerability in the way it interprets HTTP 1.0 responses from a server.\r\n\r\n(2)Mozilla Firefox, a web browser from Mozilla Corporation and Mozilla Japan, fails to properly handles multiple HTTP headers in server responses.",
  "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000326.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:mozilla:firefox",
      "@product": "Mozilla Firefox",
      "@vendor": "mozilla.org contributors",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:mozilla:seamonkey",
      "@product": "Mozilla SeaMonkey",
      "@vendor": "mozilla.org contributors",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:mozilla:thunderbird",
      "@product": "Mozilla Thunderbird",
      "@vendor": "mozilla.org contributors",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:hp:hp-ux",
      "@product": "HP-UX",
      "@vendor": "Hewlett-Packard Development Company,L.P",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux_advanced_workstation",
      "@product": "Red Hat Linux Advanced Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2006-000326",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN62734622/index.html",
      "@id": "JVN#62734622",
      "@source": "JVN"
    },
    {
      "#text": "http://jvn.jp/en/jp/JVN28513736/index.html",
      "@id": "JVN#28513736",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2786",
      "@id": "CVE-2006-2786",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2786",
      "@id": "CVE-2006-2786",
      "@source": "NVD"
    },
    {
      "#text": "http://www.securityfocus.com/bid/18228",
      "@id": "18228",
      "@source": "BID"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2006/2106",
      "@id": "FrSIRT/ADV-2006-2106",
      "@source": "FRSIRT"
    }
  ],
  "title": "Mozilla Firefox vulnerable to HTTP response splitting"
}

GHSA-H93J-JRRW-XQFP

Vulnerability from github – Published: 2022-05-01 07:02 – Updated: 2025-04-03 04:33

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-2786"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-06-02T20:02:00Z",
    "severity": "LOW"
  },
  "details": "HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.",
  "id": "GHSA-h93j-jrrw-xqfp",
  "modified": "2025-04-03T04:33:49Z",
  "published": "2022-05-01T07:02:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2786"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26844"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9966"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/296-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/296-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/297-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/323-1"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20376"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20382"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20561"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20709"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21134"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21176"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21178"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21183"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21188"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21269"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21270"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21324"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21336"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21532"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21631"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22065"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22066"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016202"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016214"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-1118"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-1120"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-1134"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-33.html"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0578.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/18228"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/2106"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3748"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3749"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0083"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2006-2786

Vulnerability from fkie_nvd - Published: 2006-06-02 20:02 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2006-0609.html
cve@mitre.org	http://secunia.com/advisories/20376
cve@mitre.org	http://secunia.com/advisories/20382
cve@mitre.org	http://secunia.com/advisories/20561
cve@mitre.org	http://secunia.com/advisories/20709
cve@mitre.org	http://secunia.com/advisories/21134
cve@mitre.org	http://secunia.com/advisories/21176
cve@mitre.org	http://secunia.com/advisories/21178
cve@mitre.org	http://secunia.com/advisories/21183
cve@mitre.org	http://secunia.com/advisories/21188
cve@mitre.org	http://secunia.com/advisories/21269
cve@mitre.org	http://secunia.com/advisories/21270
cve@mitre.org	http://secunia.com/advisories/21324
cve@mitre.org	http://secunia.com/advisories/21336
cve@mitre.org	http://secunia.com/advisories/21532
cve@mitre.org	http://secunia.com/advisories/21631
cve@mitre.org	http://secunia.com/advisories/22065
cve@mitre.org	http://secunia.com/advisories/22066
cve@mitre.org	http://securitytracker.com/id?1016202
cve@mitre.org	http://securitytracker.com/id?1016214
cve@mitre.org	http://www.debian.org/security/2006/dsa-1118
cve@mitre.org	http://www.debian.org/security/2006/dsa-1120
cve@mitre.org	http://www.debian.org/security/2006/dsa-1134
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
cve@mitre.org	http://www.mozilla.org/security/announce/2006/mfsa2006-33.html	Vendor Advisory
cve@mitre.org	http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2006-0578.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2006-0594.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2006-0610.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2006-0611.html
cve@mitre.org	http://www.securityfocus.com/archive/1/435795/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/446657/100/200/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/446658/100/200/threaded
cve@mitre.org	http://www.securityfocus.com/bid/18228
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2106
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3748
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3749
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0083
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/26844
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9966
cve@mitre.org	https://usn.ubuntu.com/296-1/
cve@mitre.org	https://usn.ubuntu.com/296-2/
cve@mitre.org	https://usn.ubuntu.com/297-1/
cve@mitre.org	https://usn.ubuntu.com/323-1/
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2006-0609.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20376
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20382
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20561
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20709
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21134
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21176
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21178
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21183
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21188
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21269
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21270
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21324
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21336
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21532
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21631
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22065
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22066
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016202
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016214
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-1118
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-1120
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-1134
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
af854a3a-2127-422b-91ae-364da2661108	http://www.mozilla.org/security/announce/2006/mfsa2006-33.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2006-0578.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2006-0594.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2006-0610.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2006-0611.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/435795/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/446657/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/446658/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18228
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2106
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3748
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3749
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0083
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/26844
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9966
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/296-1/
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/296-2/
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/297-1/
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/323-1/

Impacted products

	Vendor	Product	Version
	mozilla	firefox	*
	mozilla	thunderbird	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5879A639-89D1-4D9C-9D97-DDA6AB862271",
              "versionEndIncluding": "1.5.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B80D96C6-E20A-48C4-B9E3-2452B9742F1D",
              "versionEndIncluding": "1.5.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client."
    }
  ],
  "id": "CVE-2006-2786",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-06-02T20:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20376"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20382"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20561"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20709"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21134"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21176"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21178"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21183"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21188"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21269"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21270"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21324"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21336"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21532"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21631"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22065"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22066"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016202"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016214"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1118"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1120"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1134"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-33.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0578.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/18228"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/2106"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3748"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3749"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0083"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26844"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9966"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/296-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/296-2/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/297-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/323-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20376"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20561"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20709"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21134"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21269"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21631"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22066"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1120"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1134"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-33.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0578.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/18228"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/2106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3748"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26844"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9966"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/296-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/296-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/297-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/323-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-2786 (GCVE-0-2006-2786)

GSD-2006-2786

JVNDB-2006-000326

GHSA-H93J-JRRW-XQFP

FKIE_CVE-2006-2786

Tags

Sightings

Nomenclature