NVD Vulnerability Detail

CVE-2006-2786

Summary	HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.
Publication Date	June 3, 2006, 5:02 a.m.
Registration Date	Jan. 29, 2021, 3:38 p.m.
Last Update	Oct. 19, 2018, 1:42 a.m.

CVSS2.0 : LOW
Score	2.6
Vector	AV:N/AC:H/Au:N/C:N/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	高
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox::::::::		1.5.0.3
cpe:2.3:a:mozilla:thunderbird::::::::		1.5.0.3

Related information, measures and tools

No	URL	refsource	タグ
1	http://rhn.redhat.com/errata/RHSA-2006-0609.html	REDHAT
2	http://secunia.com/advisories/20376	SECUNIA
3	http://secunia.com/advisories/20382	SECUNIA
4	http://secunia.com/advisories/20561	SECUNIA
5	http://secunia.com/advisories/20709	SECUNIA
6	http://secunia.com/advisories/21134	SECUNIA
7	http://secunia.com/advisories/21176	SECUNIA
8	http://secunia.com/advisories/21178	SECUNIA
9	http://secunia.com/advisories/21183	SECUNIA
10	http://secunia.com/advisories/21188	SECUNIA
11	http://secunia.com/advisories/21269	SECUNIA
12	http://secunia.com/advisories/21270	SECUNIA
13	http://secunia.com/advisories/21324	SECUNIA
14	http://secunia.com/advisories/21336	SECUNIA
15	http://secunia.com/advisories/21532	SECUNIA
16	http://secunia.com/advisories/21631	SECUNIA
17	http://secunia.com/advisories/22065	SECUNIA
18	http://secunia.com/advisories/22066	SECUNIA
19	http://securitytracker.com/id?1016202	SECTRACK
20	http://securitytracker.com/id?1016214	SECTRACK
21	http://www.debian.org/security/2006/dsa-1118	DEBIAN
22	http://www.debian.org/security/2006/dsa-1120	DEBIAN
23	http://www.debian.org/security/2006/dsa-1134	DEBIAN
24	http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml	GENTOO
25	http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml	GENTOO
26	http://www.mandriva.com/security/advisories?name=MDKSA-2006:143	MANDRIVA
27	http://www.mandriva.com/security/advisories?name=MDKSA-2006:145	MANDRIVA
28	http://www.mozilla.org/security/announce/2006/mfsa2006-33.html	CONFIRM	Vendor Advisory
29	http://www.novell.com/linux/security/advisories/2006_35_mozilla.html	SUSE
30	http://www.redhat.com/support/errata/RHSA-2006-0578.html	REDHAT
31	http://www.redhat.com/support/errata/RHSA-2006-0594.html	REDHAT
32	http://www.redhat.com/support/errata/RHSA-2006-0610.html	REDHAT
33	http://www.redhat.com/support/errata/RHSA-2006-0611.html	REDHAT
34	http://www.securityfocus.com/archive/1/435795/100/0/threaded	BUGTRAQ
35	http://www.securityfocus.com/archive/1/446657/100/200/threaded	HP
36	http://www.securityfocus.com/archive/1/446658/100/200/threaded	HP
37	http://www.securityfocus.com/bid/18228	BID
38	http://www.vupen.com/english/advisories/2006/2106	VUPEN
39	http://www.vupen.com/english/advisories/2006/3748	VUPEN
40	http://www.vupen.com/english/advisories/2006/3749	VUPEN
41	http://www.vupen.com/english/advisories/2008/0083	VUPEN
42	https://exchange.xforce.ibmcloud.com/vulnerabilities/26844	XF
43	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9966	OVAL
44	https://usn.ubuntu.com/296-1/	UBUNTU
45	https://usn.ubuntu.com/296-2/	UBUNTU
46	https://usn.ubuntu.com/297-1/	UBUNTU
47	https://usn.ubuntu.com/323-1/	UBUNTU

Common Vulnerabilities List