You are here: Known Vulnerabilities in Mozilla Products (Firefox 2.0.0.8) > MFSA 2007-31

Mozilla Foundation Security Advisory 2007-31

Title: Digest authentication request splitting
Impact: Moderate
Announced: October 18, 2007
Reporter: Stefano Di Paola
Products: Firefox, SeaMonkey

Fixed in: Firefox 2.0.0.8
  SeaMonkey 1.1.5

Description

Security researcher Stefano Di Paola reported that Firefox did not properly validate the user ID when making an HTTP request using Digest Authentication to log into a web site. A malicious page could abuse this to inject arbitrary HTTP headers by including a newline character in the user ID followed by the injected header data. If the user were connecting through a proxy the attacker could inject headers that a proxy would interpret as two separate requests for different hosts.

References