HTTP Response Splitting Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey
CVE-2011-3000 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values.
Learn more about our Web Application Penetration Testing UK.