CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox prior to 2.0.0.8 and SeaMonkey prior to 1.1.5 allows remote malicious users to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |
||
mozilla seamonkey |
||
microsoft internet explorer 7.0.5730.11 |