CVE-2005-2703

NameCVE-2005-2703
DescriptionFirefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-838-1, DSA-866-1, DSA-868-1
NVD severitymedium (attack range: remote)
Debian Bugs329778
Debian/oldstablenot known to be vulnerable.
Debian/stablenot known to be vulnerable.
Debian/testingnot known to be vulnerable.
Debian/unstablenot known to be vulnerable.

The information above is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mozillasource(unstable)2:1.7.12-1medium
mozillasourcesarge1:1.7.8-1sarge3mediumDSA-866-1
mozillasourcewoody(unfixed)mediumDSA-866-1
mozilla-firefoxsource(unstable)1.0.7-1medium329778
mozilla-firefoxsourcesarge1.0.4-2sarge5mediumDSA-838-1
mozilla-thunderbirdsource(unstable)1.0.7-1medium
mozilla-thunderbirdsourcesarge1.0.2-2.sarge1.0.7mediumDSA-868-1

Search for package or bug name: Reporting problems