Launchpad.net

CVE 2007-2292

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.

Related bugs and status

CVE-2007-2292 (Candidate) is related to these bugs:

Bug #148942: thunderbird 2.0 not compiled with UNIX (movemail) acccount option.

Summary				In	Importance	Status
	148942	thunderbird 2.0 not compiled with UNIX (movemail) acccount option.		thunderbird (Ubuntu)	Undecided	Fix Released

Bug #150791: firefox package on packages site carries warning about development version

Summary				In	Importance	Status
	150791	firefox package on packages site carries warning about development version		firefox (Ubuntu)	Undecided	Fix Released

Bug #154393: [Firefox] security update release 2.0.0.8 available from upstream

		In	Importance	Status
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu)	High	Fix Released
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu Dapper)	High	Fix Released
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu Edgy)	High	Fix Released
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu Feisty)	High	Fix Released
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu Hardy)	High	Fix Released
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu Gutsy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.wisec.it/vu...
BID: 23668
SECTRACK: 1017968
SREASON: 2654
MISC: https://bugzilla.mozil...
CONFIRM: http://www.mozilla.org...
MANDRIVA: MDKSA-2007:202
REDHAT: RHSA-2007:0979
REDHAT: RHSA-2007:0980
REDHAT: RHSA-2007:0981
SECUNIA: 27276
SECUNIA: 27325
SECUNIA: 27327
FEDORA: FEDORA-2007-2601
UBUNTU: USN-536-1
SECUNIA: 27335
SECUNIA: 27356
SECUNIA: 27383
DEBIAN: DSA-1396
SECUNIA: 27425
CONFIRM: https://issues.rpath.c...
SECUNIA: 27403
SUSE: SUSE-SA:2007:057
DEBIAN: DSA-1401
SECUNIA: 27480
CONFIRM: http://support.novell....
DEBIAN: DSA-1392
FEDORA: FEDORA-2007-2664
SECUNIA: 27387
SECUNIA: 27298
SECUNIA: 27311
SECUNIA: 27315
SECUNIA: 27336
GENTOO: GLSA-200711-14
SECUNIA: 27665
SECUNIA: 27414
FEDORA: FEDORA-2007-3431
SECUNIA: 27680
HP: HPSBUX02153
HP: SSRT061181
SECUNIA: 27360
SECUNIA: 28398
SUNALERT: 201516
VUPEN: ADV-2007-3544
VUPEN: ADV-2007-3587
VUPEN: ADV-2008-0083
XF: firefox-lf-response-sp...
OVAL: oval:org.mitre.oval:de...
UBUNTU: USN-535-1
BUGTRAQ: 20070425 IE 7 and Fire...
BUGTRAQ: 20071029 FLEA-2007-006...
BUGTRAQ: 20071026 rPSA-2007-022...
BUGTRAQ: 20071029 rPSA-2007-022...