| Field | Value |
|---|---|
| Short Name | HTTP:STC:MOZILLA:DUP-LOC-HEADER |
| Severity | Major |
| Recommended | No |
| Recommended Action | Drop |
| Category | HTTP |
| Keywords | Mozilla Multiple Products Duplicate Location Headers Vulnerability |
| Release Date | 2012/11/11 |
| Update Number | 2202 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Mozilla Multiple Products Duplicate Location Headers Vulnerability
This signature detects attempts to exploit a known vulnerability in Mozilla Firefox, Thunderbird and SeaMonkey. When multiple Location, Content-Type, Content-Length or Content-Disposition headers are present in an HTTP response, these Mozilla products use the last one, which makes them more susceptible to newline insertion attacks. An attacker may leverage this vulnerability in conjunction with a vulnerable web application to, for example, redirect target users to malicious URLs.
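A defender-side check for the condition described above, as an added example that is not part of the original signature entry and is not the signature's own detection logic: it parses a raw response head and reports any of the four named headers that appears more than once, with the first and last values. The function names and the sample responses are constructed for illustration.

```python
SENSITIVE = ("location", "content-type", "content-length", "content-disposition")


def parse_fields(raw: bytes):
    """Return [(lowercased name, value), ...] from a raw HTTP response head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    fields = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        if line[:1] in (" ", "\t") and fields:
            # Obsolete line folding: continuation of the previous field.
            name, value = fields[-1]
            fields[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:
            fields.append((name.strip().lower(), value.strip()))
    return fields


def duplicate_header_findings(raw: bytes):
    """Report headers from SENSITIVE that occur more than once.

    First and last values are both recorded: a client that honours the
    last occurrence and an intermediary that honours the first would act
    on different data whenever "conflict" is True.
    """
    fields = parse_fields(raw)
    findings = []
    for name in SENSITIVE:
        values = [v for n, v in fields if n == name]
        if len(values) > 1:
            findings.append({
                "header": name,
                "count": len(values),
                "first": values[0],
                "last": values[-1],
                "conflict": len(set(values)) > 1,
            })
    return findings


# Constructed samples (not captured traffic).
SAMPLE_DUPLICATE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: https://app.example/home\r\n"
    b"Content-Type: text/html\r\n"
    b"Location: https://other.example/landing\r\n"
    b"Content-Length: 0\r\n\r\n"
)
SAMPLE_CLEAN = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 0\r\n\r\n"
```

Run over proxy or web-server response logs, a non-empty result with `conflict` set is the case worth triaging; identical repeated values are reported with `conflict` false.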
Extended Description
Mozilla Firefox, SeaMonkey, and Thunderbird are prone to a remote HTTP response-splitting vulnerability.
Attackers can leverage this issue to influence or misrepresent how Web content is served, cached, or interpreted. This could aid in various attacks that try to instill a false sense of trust in client users.
This issue is fixed in:
- Firefox 7.0
- Firefox 3.6.23
- Thunderbird 7.0
- SeaMonkey 2.4
Affected Products
- Avaya aura_presence_services 6.0
- Avaya aura_presence_services 6.1
- Avaya aura_presence_services 6.1.1
- Avaya aura_session_manager 1.0
- Avaya aura_session_manager 1.1
- Avaya aura_session_manager 5.2
- Avaya aura_session_manager 5.2 SP1
- Avaya aura_session_manager 5.2 SP2
- Avaya aura_session_manager 6.0
- Avaya aura_session_manager 6.0 SP1
- Avaya aura_session_manager 6.1
- Avaya aura_session_manager 6.1.1
- Avaya aura_session_manager 6.1.2
- Avaya aura_session_manager 6.1.3
- Avaya aura_session_manager 6.1 Sp1
- Avaya aura_session_manager 6.1 SP2
- Avaya aura_system_manager 5.2
- Avaya aura_system_manager 6.0
- Avaya aura_system_manager 6.0 SP1
- Avaya aura_system_manager 6.1
- Avaya aura_system_manager 6.1.1
- Avaya aura_system_manager 6.1.2
- Avaya aura_system_manager 6.1.3
- Avaya aura_system_manager 6.1 Sp1
- Avaya aura_system_manager 6.1 SP2
- Avaya communication_server_1000e 7.0
- Avaya communication_server_1000e 7.5
- Avaya communication_server_1000m 7.0
- Avaya communication_server_1000m 7.5
- Avaya iq 5
- Avaya iq 5.1
- Avaya iq 5.1.1
- Avaya iq 5.2
- Avaya message_networking 5.2
- Avaya message_networking 5.2.1
- Avaya message_networking 5.2.2
- Avaya message_networking 5.2 SP1
- Avaya messaging_storage_server 5.0
- Avaya messaging_storage_server 5.1
- Avaya messaging_storage_server 5.1 SP1
- Avaya messaging_storage_server 5.1 SP2
- Avaya messaging_storage_server 5.2
- Avaya messaging_storage_server 5.2.2
- Avaya messaging_storage_server 5.2.8
- Avaya messaging_storage_server 5.2 SP1
- Avaya messaging_storage_server 5.2 SP2
- Avaya messaging_storage_server 5.2 SP3
- Debian linux 6.0 amd64
- Debian linux 6.0 arm
- Debian linux 6.0 ia-32
- Debian linux 6.0 ia-64
- Debian linux 6.0 mips
- Debian linux 6.0 powerpc
- Debian linux 6.0 s/390
- Debian linux 6.0 sparc
- Mandriva enterprise_server 5
- Mandriva enterprise_server 5 X86 64
- Mandriva linux_mandrake 2009.0
- Mandriva linux_mandrake 2009.0 X86 64
- Mandriva linux_mandrake 2010.1
- Mandriva linux_mandrake 2010.1 X86 64
- Mandriva linux_mandrake 2011
- Mandriva linux_mandrake 2011 x86_64
- Mozilla firefox 3.6
- Mozilla firefox 3.6.10
- Mozilla firefox 3.6.11
- Mozilla firefox 3.6.12
- Mozilla firefox 3.6.13
- Mozilla firefox 3.6.14
- Mozilla firefox 3.6.15
- Mozilla firefox 3.6.16
- Mozilla firefox 3.6.17
- Mozilla firefox 3.6.18
- Mozilla firefox 3.6.19
- Mozilla firefox 3.6.2
- Mozilla firefox 3.6.20
- Mozilla firefox 3.6.3
- Mozilla firefox 3.6.4
- Mozilla firefox 3.6.5
- Mozilla firefox 3.6.6
- Mozilla firefox 3.6.7
- Mozilla firefox 3.6.8
- Mozilla firefox 3.6.9
- Mozilla firefox 3.6 Beta 2
- Mozilla firefox 3.6 Beta 3
- Mozilla seamonkey 2.0
- Mozilla seamonkey 2.2
- Mozilla seamonkey 2.3
- Mozilla thunderbird 5
- Mozilla thunderbird 6
- Oracle enterprise_linux 6
- Red_hat enterprise_linux 5 Server
- Red_hat enterprise_linux Desktop Version 4
- Red_hat enterprise_linux_as 4
- Red_hat enterprise_linux_desktop 5 Client
- Red_hat enterprise_linux_desktop 6
- Red_hat enterprise_linux_desktop_optional 6
- Red_hat enterprise_linux_desktop_workstation 5 Client
- Red_hat enterprise_linux_es 4
- Red_hat enterprise_linux_hpc_node_optional 6
- Red_hat enterprise_linux_server 6
- Red_hat enterprise_linux_server_optional 6
- Red_hat enterprise_linux_workstation 6
- Red_hat enterprise_linux_workstation_optional 6
- Red_hat enterprise_linux_ws 4
- Red_hat fedora 14
- Red_hat fedora 15
- Red_hat fedora 16
- Suse opensuse 11.3
- Suse opensuse 11.4
- Suse suse_linux_enterprise_desktop 10 SP4
- Suse suse_linux_enterprise_desktop 11 SP1
- Suse suse_linux_enterprise_sdk 10 SP3
- Suse suse_linux_enterprise_sdk 10 SP4
- Suse suse_linux_enterprise_sdk 11 SP1
- Suse suse_linux_enterprise_server 10 SP3
- Suse suse_linux_enterprise_server 10 SP4
- Suse suse_linux_enterprise_server 11 SP1
- Suse suse_linux_enterprise_server_for_vmware 11 SP1
- Ubuntu ubuntu_linux 10.04 Amd64
- Ubuntu ubuntu_linux 10.04 ARM
- Ubuntu ubuntu_linux 10.04 I386
- Ubuntu ubuntu_linux 10.04 Powerpc
- Ubuntu ubuntu_linux 10.04 Sparc
- Ubuntu ubuntu_linux 10.10 amd64
- Ubuntu ubuntu_linux 10.10 ARM
- Ubuntu ubuntu_linux 10.10 i386
- Ubuntu ubuntu_linux 10.10 powerpc
- Ubuntu ubuntu_linux 11.04 amd64
- Ubuntu ubuntu_linux 11.04 ARM
- Ubuntu ubuntu_linux 11.04 i386
- Ubuntu ubuntu_linux 11.04 powerpc