You are here: Known Vulnerabilities in Mozilla Products (Firefox > MFSA 2007-31

Mozilla Foundation Security Advisory 2007-31

Title: Digest authentication request splitting
Impact: Moderate
Announced: October 18, 2007
Reporter: Stefano Di Paola
Products: Firefox, SeaMonkey

Fixed in: Firefox
  SeaMonkey 1.1.5


Security researcher Stefano Di Paola reported that Firefox did not properly validate the user ID when making an HTTP request using Digest Authentication to log into a web site. A malicious page could abuse this to inject arbitrary HTTP headers by including a newline character in the user ID followed by the injected header data. If the user were connecting through a proxy the attacker could inject headers that a proxy would interpret as two separate requests for different hosts.