CVE-2005-2703

NameCVE-2005-2703
DescriptionFirefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-838-1, DSA-866-1, DSA-868-1
Debian Bugs329778

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mozillasourcewoody(unfixed)DSA-866-1
mozillasourcesarge1:1.7.8-1sarge3DSA-866-1
mozillasource(unstable)2:1.7.12-1medium
mozilla-firefoxsourcesarge1.0.4-2sarge5DSA-838-1
mozilla-firefoxsource(unstable)1.0.7-1medium329778
mozilla-thunderbirdsourcesarge1.0.2-2.sarge1.0.7DSA-868-1
mozilla-thunderbirdsource(unstable)1.0.7-1
Search for package or bug name: Reporting problems