HTTP Response Splitting Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey

HTTP Response Splitting Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey

CVE-2011-3000 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values.

Learn more about our Web Application Penetration Testing UK.