CVE-2005-2703

NameCVE-2005-2703
DescriptionFirefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-838-1, DSA-866-1, DSA-868-1
NVD severitymedium (attack range: remote)
Debian Bugs329778

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mozillasource(unstable)2:1.7.12-1medium
mozillasourcesarge1:1.7.8-1sarge3mediumDSA-866-1
mozillasourcewoody(unfixed)mediumDSA-866-1
mozilla-firefoxsource(unstable)1.0.7-1medium329778
mozilla-firefoxsourcesarge1.0.4-2sarge5mediumDSA-838-1
mozilla-thunderbirdsource(unstable)1.0.7-1medium
mozilla-thunderbirdsourcesarge1.0.2-2.sarge1.0.7mediumDSA-868-1

Search for package or bug name: Reporting problems