NVD脆弱性詳細

CVE-2006-2786

概要	HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.
公表日	2006年6月3日5:02
登録日	2021年1月29日15:38
最終更新日	2018年10月19日1:42

CVSS2.0 : LOW
スコア	2.6
ベクター	AV:N/AC:H/Au:N/C:N/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	高
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	なし
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:mozilla:firefox::::::::		1.5.0.3
cpe:2.3:a:mozilla:thunderbird::::::::		1.5.0.3

関連情報、対策とツール

No	URL	refsource	タグ
1	http://rhn.redhat.com/errata/RHSA-2006-0609.html	REDHAT
2	http://secunia.com/advisories/20376	SECUNIA
3	http://secunia.com/advisories/20382	SECUNIA
4	http://secunia.com/advisories/20561	SECUNIA
5	http://secunia.com/advisories/20709	SECUNIA
6	http://secunia.com/advisories/21134	SECUNIA
7	http://secunia.com/advisories/21176	SECUNIA
8	http://secunia.com/advisories/21178	SECUNIA
9	http://secunia.com/advisories/21183	SECUNIA
10	http://secunia.com/advisories/21188	SECUNIA
11	http://secunia.com/advisories/21269	SECUNIA
12	http://secunia.com/advisories/21270	SECUNIA
13	http://secunia.com/advisories/21324	SECUNIA
14	http://secunia.com/advisories/21336	SECUNIA
15	http://secunia.com/advisories/21532	SECUNIA
16	http://secunia.com/advisories/21631	SECUNIA
17	http://secunia.com/advisories/22065	SECUNIA
18	http://secunia.com/advisories/22066	SECUNIA
19	http://securitytracker.com/id?1016202	SECTRACK
20	http://securitytracker.com/id?1016214	SECTRACK
21	http://www.debian.org/security/2006/dsa-1118	DEBIAN
22	http://www.debian.org/security/2006/dsa-1120	DEBIAN
23	http://www.debian.org/security/2006/dsa-1134	DEBIAN
24	http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml	GENTOO
25	http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml	GENTOO
26	http://www.mandriva.com/security/advisories?name=MDKSA-2006:143	MANDRIVA
27	http://www.mandriva.com/security/advisories?name=MDKSA-2006:145	MANDRIVA
28	http://www.mozilla.org/security/announce/2006/mfsa2006-33.html	CONFIRM	Vendor Advisory
29	http://www.novell.com/linux/security/advisories/2006_35_mozilla.html	SUSE
30	http://www.redhat.com/support/errata/RHSA-2006-0578.html	REDHAT
31	http://www.redhat.com/support/errata/RHSA-2006-0594.html	REDHAT
32	http://www.redhat.com/support/errata/RHSA-2006-0610.html	REDHAT
33	http://www.redhat.com/support/errata/RHSA-2006-0611.html	REDHAT
34	http://www.securityfocus.com/archive/1/435795/100/0/threaded	BUGTRAQ
35	http://www.securityfocus.com/archive/1/446657/100/200/threaded	HP
36	http://www.securityfocus.com/archive/1/446658/100/200/threaded	HP
37	http://www.securityfocus.com/bid/18228	BID
38	http://www.vupen.com/english/advisories/2006/2106	VUPEN
39	http://www.vupen.com/english/advisories/2006/3748	VUPEN
40	http://www.vupen.com/english/advisories/2006/3749	VUPEN
41	http://www.vupen.com/english/advisories/2008/0083	VUPEN
42	https://exchange.xforce.ibmcloud.com/vulnerabilities/26844	XF
43	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9966	OVAL
44	https://usn.ubuntu.com/296-1/	UBUNTU
45	https://usn.ubuntu.com/296-2/	UBUNTU
46	https://usn.ubuntu.com/297-1/	UBUNTU
47	https://usn.ubuntu.com/323-1/	UBUNTU

共通脆弱性一覧